Changing how the world schedules
The nature of work is changing and we’re at the center of it all. Since 2013, Calendly has been on a mission to take the work out of connecting so that our customers can accomplish more.
We’re obsessed with providing an elegant, delightful experience for our customers across industries like sales, recruiting, customer success and education. This shapes how we develop, design, market, sell, support and work as a team. We treat each other with respect and understanding, put first things first and never settle. While we’re results driven, we always make time to learn, grow and have fun celebrating our accomplishments.
With our highly disruptive business model, we’re experiencing exciting growth. We’re looking for more people to join our team and help shape a product used by more than a million people worldwide.
About the opportunity
Calendly is looking for a Head of Security + Compliance to join our fast-growing team. This person will report to the Head of Business Operations and work alongside multiple departments. This role will own Calendly’s security policies, security auditing and testing programs and other key security initiatives. Our ideal candidate will be comfortable in a fast-paced startup environment.
Some challenges you’ll get to tackle
- Stay ahead of the global threat landscape and the technologies used to defend Calendly’s corporate assets
- Track the latest technical security innovations and stay up to date with the latest cyber security technologies
- Drive change projects and build new capabilities that support a secure environment
- Effectively communicate and educate Calendly employees from all functions on the purpose and vision of our security strategies
- Work with leaders across all departments to help navigate through security control compliance standards (such as SOC2 and GDPR)
- Respond to and help build efficient processes around security- and legal-related requests, contracts and questionnaires from existing customers and prospects
- Create and implement a strategy for the development of information security technologies, policies and practices to secure protected and sensitive data while ensuring information security and compliance with applicable regulations
- Write and test internal security-related policies and procedures
- Establish and iterate on system safeguards by directing disaster preparedness development as well as conducting preparedness tests
- Advise senior leadership by identifying critical security issues and recommending risk-reduction solutions
- Represent Calendly during third party audits
- Participate in and represent Calendly on security- and compliance-related questions from prospective customers
- Assess risks associated with current and prospective third party products and vendors
- Work with engineering on developing a process for risk assessments and prioritizing security vulnerabilities
- Develop and roll out practical, effective internal training programs around security and compliance across the company
- Create and manage secure onboarding and offboarding processes
- Collaborate with marketing on how to best share Calendly security policies externally
- Evaluate and manage vendors and programs that help improve Calendly’s security and compliance posture
About You
You should apply if you have:
- Been a key member in a compliance program for a SaaS company in frameworks such as SOC2, HIPAA, GDPR, PCI, ISO 27001
- Minimum of 7 years of experience in a combination of risk management, information security and information technology fields
- Ability to communicate and collaborate with leadership as the subject matter expert in security, while putting threats and incidents into business context
- Significant experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of the business
- Experience in dealing with internal / external auditors
- Ability to create effective, practical, and ethical policies and procedures that address compliance controls
- Self-drive and high attention to detail
- Familiarity with SaaS, PaaS, IaaS providers and their impact and challenges from a compliance perspective
- Fantastic written and verbal communication skills
- Ability to operate in and maintain a fast pace and cadence
- US Citizen or Permanent Resident (we do not sponsor at this time)
What you’ll enjoy about joining our team
Our team members’ well-being is just as important to us as their work. We offer a competitive salary, unlimited paid time off and flexible remote work options to help maintain work-life balance. We also provide commuter benefits, snacks, happy hours, team-building events and so many other perks!
Join a diverse workforce, leading the way in scheduling automation.