
Senior Manager, Information Security

FreshBooks, about 19 hours ago
Remote
Senior Level
Full-Time

ABOUT THE ROLE

As the Senior Manager, Information Security, you aren't just checking compliance boxes. You are the architect of FreshBooks' security compliance program, risk register, and governance processes. In this planner-and-operator leadership role, you will hold real authority to shape our multi-year security roadmap and drive cross-functional execution across Engineering, IT, Product, and Legal. You will serve as a trusted, analytical advisor on risk management, ensuring we scale securely by protecting our customers' data while strengthening the robust compliance frameworks that protect our users' trust. You view information security as a true business partner, employing your experience and creativity to enable FreshBooks' innovation in the most scalable, safest ways possible. This is an impactful role offering direct exposure to the Senior Leadership Team and Board as you safeguard our global operations.

Beyond the considerable impact of this role and the opportunity to truly shape one of our most fundamental programs, you believe in small business owners. You are motivated by FreshBooks' mission to make running a small service-based business easy, and have a strong desire to alleviate one of the stressors these business owners face.

Work location: This role can be worked remotely from within Canada.

Posting duration: To account for the Canada Day holiday 🇨🇦, we will accept applications until July 10 and will connect with successful applicants the following week. Thank you for your interest!

WHAT YOU'LL DO

  • Drive Strategy and Roadmap: Own FreshBooks’ multi-year security strategy and roadmap, running it with strict program discipline to prioritize initiatives based on business impact.
  • Lead Compliance and Risk: Oversee the PCI DSS and SOC 2 compliance programs to maintain clean attestations, while operating the enterprise risk register to guide remediation versus acceptance decisions.
  • Govern AI and Emerging Tech: Lead and formalize our cross-functional AI Governance Council, defining the review framework for cutting-edge AI use cases and reporting on compliance KPIs.
  • Optimize and Scale the Service Queue: Turn raw ticket data into strategic insights by designing a highly efficient operating model with strict SLAs, reading queue trends to proactively steer our security strategy.
  • Influence at the Board Level: Own the security metrics program end to end, translating complex operational data into high-leverage, business-framed dashboards for our Senior Leadership Team and the Board.
  • Lead and Develop Talent: Manage, coach, and build the Information Security team while designing staffing plans that balance internal headcount with external specialists during peak audit cycles.
  • Steer Security Committees: Staff and lead the Security Steering Committee to drive critical organizational decisions regarding prioritization, resourcing, and policy approvals.

WHAT YOU'LL BRING

  • Craft Experience: 8+ years of experience in information security, with a strong focus on compliance, GRC, or security program management.
  • People Leadership: 3+ years of direct people management experience with a proven track record of developing talent and building cohesive teams.
  • Deep Compliance Audit Expertise: Hands-on experience successfully navigating and owning PCI DSS and SOC 2 Type II audit cycles.
  • Risk and Roadmap Management: Proven ability to operate an enterprise risk register and translate those risks into a prioritized Engineering and IT roadmap.
  • Program Discipline: Strong project and program management skills with a meticulous focus on driving accountability across Engineering, IT, Product, and Legal teams.
  • Resource and Vendor Management: Experience managing external specialists and consultants for point-in-time assessments or audit peak periods.

YOU'LL STAND OUT IF YOU HAVE

  • Emerging Tech Fluency: Experience or a strong foundational grasp of managing AI governance frameworks and emerging technology risks.
  • Security Program Execution: Experience designing and executing incident response tabletop exercises alongside security awareness programs.
  • Professional Credentials: An active security certification (such as CISSP, CISM, CRISC, or equivalent) or an undergraduate degree in Computer Science, Cybersecurity, Business, or a related field.


About FreshBooks

Software Development
