Head of Information Security & IT

The Head of Information Security & IT at Passthrough is responsible for overseeing all security, compliance, and IT aspects of the company. Key duties include managing certifications like ISO 27001 and SOC II, ensuring compliance with GDPR, and implementing IT policies. Additionally, the position involves device management, providing tech support, secure configuration of third-party vendors such as Salesforce, and collaborating with the engineering team to enhance the application’s infrastructure.

To qualify for the Head of Information Security & IT role at Passthrough, candidates should have experience with SOC 2 and ISO 27001 frameworks, management of IT and InfoSec policies, and expertise in deploying devices with JAMF or similar tools. Additionally, certifications like CISSP, CISA, or CISM are preferred, along with the ability to write scripts in Bash and Python. Strong communication skills and adaptability are essential.

As the Head of Information Security & IT at Passthrough, you'll work with technologies including JAMF, Apple Business Manager, MacOS, Linux, Python, and Google Cloud Platform. Familiarity with these tools is critical in managing device security and supporting internal tech functionalities effectively.

The Head of Information Security & IT at Passthrough will significantly contribute to the company's growth by ensuring that our tech infrastructure is robust and secure. By implementing effective security policies, managing compliance, and optimizing IT systems, you'll help build trust with our clients and partners, ultimately enabling us to facilitate larger investments and streamline the investor onboarding process.

The hiring process for the Head of Information Security & IT at Passthrough consists of an initial screening to understand your background, a technical interview covering device management and IT security, followed by on-site interviews with key team members. The process is designed to provide the best match for both candidates and the company, ensuring transparency and equity.

When implementing IT policies at Passthrough, I would start by assessing the current setup and understanding the unique needs of the organization. Collaborating with different departments to gather input will be essential. Furthermore, I would prioritize compliance requirements, establish clear communication channels, and ensure that training resources are available to facilitate smooth adoption.

Throughout my career, I have gained extensive experience in implementing ISO 27001 standards by developing frameworks to safeguard data. This experience equips me to oversee our compliance initiatives at Passthrough, ensuring that all security controls are in place to protect sensitive investor information while adhering to industry best practices.

Device management in a tech-driven environment like Passthrough requires a structured approach. Utilizing tools such as JAMF and Apple Business Manager, I would ensure secure onboarding and continuous monitoring of devices. I would establish protocols for regular updates, compliance checks, and offer support to employees for any challenges related to device security.

To ensure compliance with GDPR at Passthrough, I would first conduct a thorough review of our data handling practices and ensure that consent mechanisms are in place for data collection. Training employees about GDPR policies and monitoring compliance would follow, coupled with regular audits to maintain data integrity and address any potential issues promptly.

Collaboration with the engineering team would involve regular meetings to discuss potential security vulnerabilities and develop solutions proactively. I would ensure we implement security measures during the software development lifecycle and conduct regular penetration testing to identify areas for improvement while maintaining clear communication throughout.

My experience with SOC II compliance involves managing the entire process, from setting control objectives to executing audit preparations. At Passthrough, I would conduct risk assessments to establish necessary controls, oversee compliance training for staff, and coordinate with auditors to ensure a seamless audit process while continuously refining practices based on feedback.

In the event of a security incident at Passthrough, I would activate our incident response plan, ensuring immediate containment of the breach. Following that, I would conduct a thorough investigation, identifying the cause and impact before communicating transparently with stakeholders. Finally, I'd implement measures to prevent future incidents and adjust our policies accordingly.

Clear communication skills are vital for the Head of Information Security & IT position as they facilitate effective collaboration with cross-functional teams, ensure that everyone understands security protocols, and convey complex information in simple terms. This clarity fosters a security-minded culture at Passthrough and builds trust among stakeholders.

When handling multiple IT projects, I prioritize tasks based on the company's strategic goals and compliance requirements. I would utilize project management tools to track progress and deadlines while factoring in resource availability, ensuring critical projects that affect security and compliance receive attention first.

My approach to tech support would include creating a clear support process for employees, utilizing ticketing systems for tracking issues, and ensuring timely responses. Additionally, I would offer regular training sessions to empower employees on basic troubleshooting and best security practices, fostering a culture of security awareness while minimizing helpdesk overload.