Cengage Group

Chief Information Security Officer

full-time

Location Type: Remote

Location: Remote • Massachusetts • 🇺🇸 United States


Salary

💰 $250,200 - $308,000 per year

Job Level

Lead

Tech Stack

AWS, Azure, Cloud, Cyber Security, Firewalls, Google Cloud Platform, Swift

About the role

  • Define and deliver the enterprise information security strategy, aligned with business priorities, digital transformation initiatives, and the company's risk tolerance in a PE-backed environment preparing for liquidity events.
  • Lead the development and implementation of comprehensive security programs encompassing cyber defense, data protection, identity and access management, security operations, and threat intelligence.
  • Conduct enterprise-wide risk assessments, identify vulnerabilities across the technology estate, and prioritize remediation efforts to reduce risk exposure while enabling business agility.
  • Serve as the primary cybersecurity advisor to the CIO, executive leadership team, and board of directors, translating technical risks into business impact and providing strategic recommendations on security investments.
  • Drive security architecture decisions that balance protection with performance, cost efficiency, and user experience across cloud, on-premises, and hybrid environments.
  • Oversee security incident detection, response, and recovery programs, ensuring swift identification and mitigation of potential breaches with minimal business disruption.
  • Manage the security architecture, tools, and technologies deployed across the organization's IT infrastructure, including firewalls, intrusion detection/prevention systems, SIEMs, endpoint protection, and encryption protocols.
  • Lead the security operations center (SOC), threat hunting capabilities, and vulnerability management programs that proactively identify and remediate security weaknesses.
  • Develop and maintain incident response playbooks, disaster recovery plans, and business continuity protocols that ensure organizational resilience against emerging threats.
  • Monitor security metrics, threat landscape trends, and attack patterns to continuously evolve defensive capabilities and inform executive decision-making on security posture.
  • Ensure compliance with industry standards, regulatory requirements, and data protection laws including GDPR, CCPA, FERPA, SOC 2, ISO 27001, and other relevant frameworks for the education technology sector.
  • Coordinate with legal, compliance, privacy, and regulatory teams to maintain certifications, manage audits, and respond to regulatory inquiries with appropriate documentation and evidence.
  • Develop and enforce security policies, procedures, standards, and protocols that align with business goals, regulatory obligations, and industry guidelines.
  • Be responsible for data classification, data loss prevention (DLP), and privacy programs that protect sensitive student, employee, and company information across all systems and geographies.
  • Manage security audits, compliance assessments, and third-party risk evaluations, ensuring vendors and partners meet security requirements and contractual obligations.
  • Serve as a trusted partner to business executives, ensuring security investments and controls enable business innovation while appropriately managing risk.
  • Collaborate with product, engineering, and DevOps teams to integrate security measures into software development lifecycles through DevSecOps practices and secure-by-design principles.
  • Partner with IT leadership on technology modernization initiatives including cloud migration, digital transformation, and AI/ML adoption, ensuring security is embedded from inception.
  • Communicate security value and risk posture at the executive and board levels, linking security investments to business outcomes including revenue protection, regulatory compliance, and competitive differentiation.
  • Champion security awareness and cultural transformation across the enterprise, promoting shared responsibility for security rather than viewing it as solely an IT function.
  • Lead and inspire a global security team including security architects, security engineers, SOC analysts, governance/risk/compliance specialists, and security operations professionals.
  • Establish career pathways, competencies, and training programs that elevate security capability and develop next-generation cybersecurity leaders.
  • Champion a culture of accountability, collaboration, continuous learning, and innovation within the security organization.
  • Act as an executive sponsor for security awareness training programs for employees at all levels, promoting a culture of cybersecurity across the organization.
  • Build strategic relationships with peer CISOs, industry groups, law enforcement, and threat intelligence communities to stay ahead of emerging threats and share best practices.

Requirements

  • 15+ years of progressive leadership in information security, cybersecurity, or risk management, with 5+ years in senior director, VP, or CISO roles.
  • Proven track record developing and implementing enterprise security programs in global, complex organizations, preferably in education technology, SaaS, or regulated industries.
  • Extensive knowledge of information security principles, cybersecurity frameworks (NIST, ISO 27001, CIS Controls), and risk management practices with demonstrable success reducing organizational risk.
  • Deep expertise in security technologies including firewalls, intrusion detection/prevention systems, SIEMs, identity and access management (IAM), cloud security platforms, and encryption protocols.
  • Solid understanding of data privacy regulations (GDPR, CCPA, FERPA) and compliance requirements with experience managing audits and regulatory relationships.
  • Experience securing cloud infrastructure (AWS, Azure, GCP) and implementing cloud-native security architectures in multi-cloud and hybrid environments.
  • Demonstrated ability to lead incident response programs, manage security breaches, and coordinate with legal, communications, and executive teams during crisis situations.
  • Exceptional leadership skills with a history of developing high-performing, distributed security teams across multiple disciplines and geographies.
  • Strong business sense and communication skills, with the ability to influence C-suite leaders and board members by translating technical security concepts into business risk and value propositions.
  • Experience working in PE-backed technology companies preferred, with understanding of security requirements for M&A due diligence, integration, and preparing for liquidity events.
  • Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent strongly preferred.
  • Familiarity with DevSecOps practices, secure software development, ethical hacking, and penetration testing techniques valued.
  • Understanding of artificial intelligence and machine learning applications in security, including emerging threats and defensive capabilities in AI-powered systems.

Benefits

  • Comprehensive and rewarding Total Rewards package designed to support and empower our employees

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

  • information security, cybersecurity, risk management, incident response, data protection, identity and access management, cloud security, encryption protocols, vulnerability management, security architecture

Soft skills

  • leadership, communication, collaboration, influence, strategic thinking, problem-solving, team development, business acumen, cultural transformation, accountability

Certifications

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)