As the Director of Information Security at Weedmaps, you will have the opportunity to re-think our overall security practice. We are doubling down on our security as we scale the organization exponentially and invest in a high-performance team specifically focused on securing all aspects of the Weedmaps infrastructure and application portfolio given the large scale and scope of the organization. The Weedmaps ecosystem is unique, challenging and an exciting operating environment to work in. Weedmaps is the leading technology platform for all things cannabis. We proudly maintain the largest cannabis community in the world by connecting consumers, retailers, doctors, and brands in a safe and legal ecosystem. We are not just observers in the community, we are loyal members and advocates.
The impact you'll make:
- Gain an understanding of the Weedmaps ecosystem, infrastructure, applications, business products and operational practices and procedures.
- Analyze the state of security practices within Weedmaps and develop, communicate, execute and optimize a security roadmap to address gaps and continually improve the security posture of the company.
- Build and oversee a team to ensure the overarching Weedmaps product portfolio, application build pipelines, network infrastructure, Linux, Windows, Mac systems, AWS ecosystem, databases, private and public cloud environments and all of our data are highly secure and compliant.
- Oversee application and infrastructure architecture to ensure operational and development security best practices are being embedded in the foundation of the way Weedmaps delivers its products and services.
- Promote a culture of security and compliance with both our developers as well as our corporate users.
- Drive compliance programs and processes (GDPR, SOX, PCI, etc) from a technology perspective.
- Keep abreast of emerging security threats and ensure remediation plans are in place.
- Drive adoption and a culture of security champions using your influence to drive practical solutions and implementations in a complex and diverse application and product stack.
What you've accomplished:
- Bachelor’s degree in computer science or related technology degree, or equivalent experience in related field required
- 10+ years of experience in an IT environment, with experience leading enterprise security architecture teams and managing and providing technical leadership for complex enterprise security projects.
- Prior experience with agile SaaS companies, especially newly public ones
- In-depth internal control knowledge of core IT technologies and processes (e.g., network systems, operating systems databases, change control tools and processes, computer system operations, application and system development, help desk and monitoring, information security, data backup/retention/recovery, IT vendor management, asset management, disaster recovery, etc.)
- Advanced technical capabilities in a wide array of platforms and systems (e.g., VMware, Windows, UNIX, SQL, etc.).
- Knowledge of IT infrastructure, platform and data security architectures, and best practices;
- Knowledge on threat landscape, security threat and vulnerability management, as well as security monitoring and analytics;
- Knowledge in compliance frameworks and requirements such as HITRUST, PCI, HIPAA, SOX, etc.
- Proficiency working with recognized IT and Information Security-related standards and technologies.
- Knowledge of industry business drivers and direction for a wide range of technologies
- Demonstrated ability to perform a risk-based approach to securing applications, databases, or infrastructure
- Demonstrated ‘big picture’ thinking – the ability to see how parts interact with the whole while retaining the ability to focus on security domain capabilities;
- Deep familiarity with PCI/DSS, SSAE16, SOX, and GDPR compliance
- Experience completing level 1 PCI audit compliance
- Familiarity with network segmentation, NAT/PAT translations, DMZ zoning
- Experience balancing Administrative access controls against functional management requirements
- Familiarity with CI/CD pipelines and their use for secure production access control
- Understanding of vulnerability scanning in a dynamically scaling environment
- Understanding of security implications of containers and container orchestration
- Foundational background in either Systems Engineering or Network Engineering
- 100% paid employee monthly Medical, Dental and Vision premiums AND 80% paid dependent monthly premiums
- HMO (California residents only) and PPO option offered through United Healthcare
- Company-paid $50,000 in Basic Life/AD&D (Accidental Death and Dismemberment) coverage
- 401(k) Retirement Plan: 100% match on the first 1%. 50% match from 2-6% of employee contributions
- 3 weeks PTO (accrued) and 5 sick days (immediate)
- Supplemental, voluntary benefits
- Kindbody (family planning/fertility) including up to $10,000 towards cash-pay services
- Goodly (Student Loan Repayment/529 Education Savings) including a company contribution of up to $1,000/year
- Flexible Spending Accounts (Medical, Dependent, Transit and Parking)
- Voluntary Life Insurance
- Critical Illness
- Accident Insurance
- Short- and long-term disability
- Pet Insurance
- Paid parental leave
- During current work-from-home:
- Reimbursements for home office setup and monthly WiFi
- 11 company-paid holidays
- Catered lunch and snacks provided when working in the office
- Snack boxes sent straight to your door when you work-from-home
- Casual work environment, read no fancy clothes required, but you are free to dress to the nines!
- Monthly virtual happy hours
- Quarterly all-hands meetings
Weedmaps is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, protected veteran status, or any other basis protected by applicable law, and will not be discriminated against on the basis of disability. We are looking for the smartest and most passionate people who want to join our team and develop the services, systems, and marketplaces that will serve the marijuana industry in the decades to come. Our company uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit www.dhs.gov/E-Verify.
Founded in 2008, Weedmaps is a leading technology and software infrastructure provider to the cannabis industry. Our suite of cloud-based software and data solutions includes point of sale, logistics and ordering solutions that enable customers to scale their businesses while complying with the complex and disparate regulations applicable to the cannabis industry. In addition, our platform provides consumers with information regarding cannabis products across web and mobile platforms, including listing local retailers and brands, facilitating product discovery and allowing consumers to educate themselves on cannabis and its history, uses and legal status. Headquartered in Irvine, California, Weedmaps employs more than 400 professionals around the world, with offices including Barcelona, Denver, and Toronto.
So what are you waiting for? Join the Weedmaps family!