Descartes Labs is a geospatial intelligence company with science and technology at its core. Launching out of Los Alamos National Laboratory in 2014, we build models of the earth to power the analysis of the world's largest physical systems. Our data science and software solutions create new sources of operational advantage for Agriculture, Consumer Packaged Goods, Mining, and Government.
Descartes Labs is proud to be a remote-first, deliberately distributed organization that recognizes that people have different needs and motivations for building a life and career that matters and works for them. For this reason, we are open to our employees working from any location, in a way that enhances their well-being, productivity, and role. We focus on helping our employees produce positive outcomes and we recognize that the path to getting there will look different for different people.
The Security Officer for Descartes Labs will be responsible for all aspects of Information Security, including data privacy and security policies and practices, and strategic prioritization of security initiatives. You will lead development, implementation and maintenance of information security infrastructure and processes that align with Descartes Labs’ security and data privacy needs. This role reports to the Chief Administrative Officer.
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the organization
- Develop, maintain and publish up-to-date information security policies, standards and guidelines
- Oversee the approval, training and dissemination of security policies and practices
- Work directly with business leaders to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of risk
- Ensure that security programs are in compliance with relevant laws, regulations and policies such GDPR and various federal government compliance requirements
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation
- Manage and maintain third party certifications such as ISO27001
What You Bring
- Applied experience in a combination of enterprise architecture, risk management, information security and IT jobs and history of increasing levels of responsibility, both in commercial and government environments.
- Knowledge and understanding of relevant legal and regulatory requirements, including FedRamp
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
- Knowledge and understanding of relevant legal and regulatory requirements.
- Degree in business or technology field, or equivalent work- or education-related experience.
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001
Who You Are
- Curious. You are always exploring and experimenting, interested in why and how, seeking not only to understand but to make work and the world better. You enthusiastically share your learning with others and actively seek information and knowledge.
- Conscientious. You are determined, always keep your promises, and are forward thinking. Principled and integrous, you take your commitments seriously.
- Humble. Unpretentious and self-aware, you cultivate compassion for others and take responsibility for your mistakes. Egoes are barriers to doing the best work and always learning.
- Open and Inclusive. You are receptive and interested in new ideas and perspectives, even when those perspectives don’t agree with your views. You value and respect difference and create ways for all people to contribute to the organization.
- Collaborative. You know it takes a team to get anything accomplished and you actively and inclusively work across the organization. You listen intently and openly and are always focused first on creating the best results.
- Adaptable. You are able to navigate changing circumstances and environments with ease and approach uncertainty with enthusiasm, while inspiring others towards effective goal setting and accomplishment.
Top Reasons to Work at Descartes Labs
- We pride collaboration over ownership, iteration over perfection, principles over rules, and discussion over directives
- We’re using the world’s top technology to solve the world’s largest problems with a strong focus on sustainability, environment, and impact science
- We look at Descartes Labs as a work environment where people are included, treat their colleagues with professional regard and respect, and thrive as a result
- We’re a highly collaborative company that constantly promotes success through teamwork
- We strongly encourage and enjoy a flexible work environment
- Descartes Labs offers a generous compensation package including competitive salary; choice of medical plan; dental, life, and disability insurance; a 401K plan; paid holidays and paid time off
You belong here! Nobody checks every box and if your experience and interests match some of the above, we want you to apply.
Descartes Labs is committed to building a diverse community, where employees feel they belong, even if they are different. Scientific discovery is in our DNA and the more inclusive we are, the better our work will be; diversity fuels innovation!
Accommodations will be provided as requested by candidates during all aspects of our interview process.