Join us on our mission to make a better world of work.
Culture Amp revolutionizes how over 25 million employees across 6,000 companies create a better world of work. As the global platform leader for employee experience, Culture Amp empowers companies of all sizes and industries to transform employee engagement, develop high performing teams, and retain talent via cutting-edge research, powerful technology, and the largest employee dataset in the world. The most innovative companies across the globe, such as Salesforce, PwC, KIND, SoulCycle, Celonis and BigCommerce depend on Culture Amp every day.
Culture Amp is backed by 10 years of innovation, leading venture capital funds, and offices in the U.S., U.K., Germany and Australia. Culture Amp is recognized as one of the world’s top private cloud companies by Forbes and one of the most innovative workplace companies by Fast Company.
Learn more about how Culture Amp can help you create a better world of work at cultureamp.com.
How you can help make a better world of work
Culture Amp is looking for a unique and talented Security Architecture & Solutions Planning Lead to join the Security & Risk Team.
Culture Amp is on an exciting journey of growth that involves embracing a distributed architecture. To help us do this in an effective, efficient, and high-quality way, we are seeking a Security Architecture & Solutions Practice Lead.
This role is heavily focused on establishing a guiding security vision, sensible defaults, security patterns and techniques that enable our business to leverage leading edge technologies and support our product & engineering teams as they develop innovative software solutions for our customers. Importantly you will own the security reference architecture and support decisions around the best of breed security solutions for our business.
To be truly successful in this role, Culture Amp teams will need to feel heard and supported as they grapple with their current challenges. You will help teams evolve their existing solutions through the creation of security best practice(s) and you’ll also guide new work with proven security patterns to maximise success. This is a hands-on role where we expect you to understand the details because you get in the weeds with the teams and “security by design” is your passion.
We expect this role to have strong opinions about what we need to do as a growing tech company. You should be able to draw on leading practice, industry standards, data and your experience to make a compelling case. We are looking for someone who ‘gets the job done’ with a bit of flair and creativity to help embed security in all that we do. You champion diversity of thought, and know when to draw the discussion to a close and move forward with a decision. When decisions don’t go “all of security’s way”, you commit to the new decision as if it was your own and move for the win-win.
To do all this, you will be able to foster a community which brings together different areas of our business and can work together through collaboration, education and support.
Reporting to the VP of Security & Risk, this role will need to be commercially aware and across the business & product strategies at all times, so that we can adapt and continually shape how we apply security as Culture Amp grows.
- Establish and lead a Security Architecture Practice
- Develop and maintain the organisational cyber security strategy, roadmap, and reference architecture.
- Align with the Enterprise Architecture and Engineering team(s) on security standards, principles and practices that best support the business.
- Support the development of security policies, processes, application reference models, guidelines, and artifacts.
- Develop security tooling strategies for cyber security services in support of the security reference architecture.
- Create a reusable and repeatable approach to conduct security reviews of SaaS and other technologies to support the overarching security supply chain process.
- Guide and streamline our architectural best practices for Culture Amp. This includes providing sensible defaults, guides, templates, tools, examples, feedback on solution previews, providing constraints, making decisions, coaching, and training others.
- Define a process for informing and then handing over security gaps, issues, concerns, or findings and outcomes to business owners, security operations, risk management and other key stakeholders for operational management.
- Share your expertise to help guide campers on the best ways to embed cyber security controls into their solutions and projects.
- Promote security and take a proactive approach to engaging across Product, Engineering, and our business to help ensure security is considered as a default requirement in projects and business solutions.
- Cultivate, establish and actively manage effective working relationships with Campers at all levels across practices, ensuring collaborative alignment and a win-win approach to achieve outcomes.
- Report and provide feedback to the VP of Security & Risk on any key learnings across the business.
- Strong domain expertise in cloud infrastructure compute, network and storage as well as the cloud control plane; familiarity with compliance & security standards across the enterprise IT landscape
- Experience working with cloud security and governance tools and cloud access security brokers (CASBs).
- Strong technical understanding of controls associated with web applications and associated infrastructure
- Capable of building security reference architecture for all-in cloud deployment scenarios
- Familiarity with enterprise security solutions such as WAF, IPS, Anti-DDOS, DLP, EDR, and SIEM.
- Strong compliance & security standards across the enterprise IT landscape
- Experience with various security frameworks and accreditations like ISO 27000, NIST, MITRE, CSA, and SOC2
- Understanding of enterprise risk management methods and techniques to drive successful outcomes in a globally distributed environment
- A growth mindset and a passion for learning and using new/emerging technologies
- Must work well independently and with others as part of a larger team and be able to collaborate on cross-functional teams
- Documenting/diagramming skills (e.g. for documenting security architectures / security system interaction diagrams / user flow diagrams) using tools such as Miro, Lucidchart.
- You have significant experience working in software and infrastructure-as-code environments, with a track record of producing high quality outcomes. A background in security architectures or security design principles would be highly desirable.
- Collaborative, like to work on shared problems, and you ask all the questions others might not to get a deeper level of understanding
- You are able to clearly communicate a compelling plan and the reasoning behind your decisions, ensuring campers with varying degrees of experience and context can understand your message and approach.
- Always seeking the win-win with those you are working with and you share insights and knowledge in the way that you influence
- Someone who proactively seeks input and actionable feedback from diverse stakeholders and partners, proactively identifying issues, and you create mutually respectful and supportive relationships
- A lateral thinker with a keen eye for detail and you naturally analyze assumptions
- A driver, you get things done and you like to roll up your sleeves and get to work, pushing a number of initiatives forward simultaneously.
- Comfortable in ambiguity and like to help others to navigate diverse and ambiguous environments for business success.
- You make clear and timely decisions in the face of many nuanced trade offs and varied opinions.
- You always make time to coach and teach all those around you. This includes your practice, peers and those you report to.
We believe that inclusive businesses are better, not just for “company results”, but for the world. We have a strong commitment to Anti-Racism, and endeavor to lead by example. Every step we make as a business towards anti-racism is another step we can take to support our customers in making a better world (of work). You can see our current commitments to Anti-Racism here.
We ensure you have the tools you need to thrive both in and out of work:
- MacBooks for you to do your best work
- Share Options - it’s important to us that everyone is an owner and can share in our success
- Excellent parental leave and in-work support programme - for those families to be
- Flexible working schedule - where we can, let’s make work, work for you
- Fun and inclusive digital and in-person events
- Most importantly, an opportunity to really make a difference in people’s lives.
Please keep reading...
Research shows that candidates from underrepresented backgrounds often don't apply for roles if they don't meet all the criteria – unlike majority candidates meeting significantly fewer requirements.
We strongly encourage you to apply if you’re interested: we'd love to know how you can amplify our team with your unique experience!
Thank you for taking the time to read this advert. If you decide to apply, as part of your application, we will ask you to complete voluntary diversity questions (excluding Germany). Please watch this video from our amazing DEI Leader, Aubrey Blanche, who shares more on why we collect the data and how we will use it.