Working closely with the rest of our product engineering teams, you and your team will be responsible for ensuring that Spotify is able to continue to safely and securely ship highly scalable products as quickly and frictionlessly as feasible. You will protect our customer and company information and secure our IT infrastructure, both internally and in the cloud. You will nurture and protect a healthy culture of security awareness by supporting and enabling risk analysis and strong security practices throughout the company. You will provide leadership in developing Spotify’s security policy, standards and practices for the entire company and ensure that Spotify is in compliance with all applicable laws, directives, and policies regarding the securing of information. You will drive implementation of security plans, including incident response, and manage the operational processes for monitoring and maintaining security and compliance.
Additionally, working closely with the company’s Board of Directors, Executive Officers, Senior Management, Legal and the company’s Internal Audit team, you will ensure alignment between security and privacy policies, training, and practices across the company. The Head of Security reports to the VP, Technology Platform, and the role is open in Stockholm or NYC.
What you’ll do:
- Develop and drive implementation of near- and long-term security strategy and goals in alignment with Spotify’s business objectives and culture.
- Attract and retain world class security talent across engineering, product management, and operational roles, enabling our security team to scale rapidly and effectively. Lead the development of the Security organization and enable it to scale and support our rapidly growing company.
- Advocate for all company security-related issues, across our global presence. Determine Spotify-wide security resource requirements including budget, staff, training needs and resource allocation. Work with senior stakeholders where appropriate to embed security expertise in other functional areas.
- Provide expert counsel and guidance to senior leadership (including the board of directors) on security and its impact across business strategy, programs, products/services, and operations.
- Lead the team to develop security policies, standards, frameworks, procedures and guidelines and ensure that they are aligned with the strategy and compliance programs like GDPR, SOX, and PCI DSS. Partner closely with Legal, our Data Protection Officer, Internal Audit/Controls, and HR on security-related topics.
- Oversee and continuously improve the governance and management of security to reflect changing technology, threat landscapes, regulatory requirements, and industry best practices.
- Develop and drive risk analysis, mitigation and remediation plans. Plan for and manage large-scale security incident response and recovery efforts.
- Evolve Spotify’s capability to monitor threats and vulnerabilities as well as detect, investigate, respond to and recover from incidents.
What you need to succeed:
- A breadth of senior leadership experience in security, engineering, or IT management.
- Substantial experience working with C-Level executives and other senior stakeholders.
- Significant experience managing a global technology security function, preferably in a broadly scaled consumer facing software/high technology industry.
- Deep knowledge and application of software development and quality assurance methodologies to application and infrastructure delivery.
- Experience leading engineering culture in an agile and DevOps environment, with the ability to foster and grow that culture in existing teams.
- Demonstrated strong leadership and management skills and the ability to secure results through others.
- Significant experience working with Software/Infrastructure/Platform-as-a-Service (SIPaaS) solutions and architectures.
- Excellent communication skills, especially the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Ability to understand the business context and technology challenges, manage uncertainty, and apply appropriate security solutions in response to multiple risks and needs.
- Knowledge of relevant security and compliance frameworks, standards and regulations (such as SOC2, Cloud Security Alliance (CSA), NIST, COBIT, PCI-DSS, GDPR, DPA, ISO270xx).
We are proud to foster a workplace free from discrimination. We truly believe that diversity of experience, perspectives, and background will lead to a better environment for our employees and a better product for our users and our creators. This is something we value deeply and we encourage everyone to come be a part of changing the way the world listens to music.
We welcome your application.