MongoDB is the leading modern, general purpose database platform, designed to unleash the power of software and data for developers and the applications they build. Headquartered in New York, with offices across North America, Europe, and Asia-Pacific, MongoDB has more than 7,000 customers in over 100 countries. MongoDB Atlas, the company’s multi-cloud database as a service launched two years ago, is available in over 50 regions across AWS, Azure, and GCP.

We are seeking an experienced Chief Security Officer to lead our company-wide security and compliance efforts. This leader will build and manage a world-class security organization focused on driving a holistic approach to corporate and product security, as well as ensuring compliance with industry and regulatory policies.

Responsibilities

  • Lead MongoDB’s Corporate Security Program with responsibility for identifying, evaluating, reporting and mitigating information security risks
  • Manage and develop Security team skills to own all corporate security efforts that drive improvements to not only stay ahead of increasing security threats but also contribute to a reduction in overall infrastructure and personnel risk exposure. Oversee the planning, scheduling, assignment of staff, budget and resources of the Corporate Security team
  • Build, manage, and maintain a robust Security Compliance Program for MongoDB that includes certifications such as SOC2 Type II, HIPAA, ISO27001, PCI, and FedRAMP
  • Drive external thought leadership via conference talks, blog posts, media interviews, etc. to elevate MongoDB’s brand recognition as a security leader
  • Collaborate with product and engineering teams on building market-leading technical security capabilities across MongoDB’s product lines
  • Generate regular formal updates on corporate security, compliance, and risks including quarterly reports to executive staff and Audit Committee
  • Drive continuous improvement in application and network security activities, leveraging internal and third-party penetration testing and vulnerability assessment at a global level
  • Manage security operations monitoring, including response team plans and execution for incidents that impact company or platform
  • Proactively identify security issues and potential threats and continuously build processes, design systems or work with vendors/partners to watch for and protect against incidents
  • Educate the organization in security awareness and implement infrastructure, personnel and product threat protection measures at a global level
  • Advocate for secure application, organization and infrastructure best practices

Requirements

  • 7-10 years of relevant experience in progressive leadership of information security operations and management, preferably with both large and small, high-growth companies
  • Experience building and managing a high-performing security and compliance team
  • Deep expertise in cloud security, platforms and services, including understanding of current security offerings from leading cloud service providers (e.g. AWS), and their applicability to securing a SaaS for enterprise security requirements
  • Experience designing and implementing cloud-based security technologies, including but not limited to data loss prevention, log management and alerting, and vulnerability scanners
  • Significant experience in the management of internal and external security audits to international standards and audit remediation
  • Deep knowledge of networking and network security
  • Strong understanding and experience with Secure SDLC and security automation
  • Ability to work under pressure across multiple stakeholders
  • Excellent written and communication skills and ability to communicate across all levels of an organization

Success Measures

  • Conduct a thorough evaluation of MongoDB’s security needs, priorities and opportunities in order to develop and promote short and long term security plans
  • Lead, manage and maintain our information security and compliance programs, achieving certification with projected timelines
  • Hire technical security and audit/compliance staff to accelerate and grow MongoDB’s security and compliance programs
  • Establish trust within the organization and with our customers as a security thought leader and domain expert