Head of Information Security
New York, NY
Engineering – Security
Spotify listeners, creators and employees trust us to provide a safe digital platform that protects any sensitive information they share with us. Spotify Security is a distributed team that champions and delivers on initiatives with Spotify’s autonomous teams to ensure that our organization keeps information security appropriately prioritized and that the trust we have with these stakeholders is well-deserved. We focus on raising security awareness, providing security intelligence and building tools to enable these teams to feel a shared sense of responsibility for security and privacy concerns. We aim to constantly improve the security posture of our organization by iterating on our tooling and process.
The Head of Information Security is the top technology leadership role responsible for establishing the security strategy and direction for Spotify. As our top information security leader, you will have the opportunity to drive and implement the security strategy in a fast-growing company with over 286M users! Demonstrating your vision, domain expertise, and strong leadership skills, you will help take Spotify securely into the next phase of our company’s success.
Working closely with the rest of our product engineering teams, you and your team will be responsible for ensuring that Spotify is able to continue to safely and securely ship highly scalable products as quickly and frictionlessly as feasible. You will protect our customer and company information and secure our IT infrastructure. You will nurture and protect a balanced culture of security awareness by supporting and enabling risk analysis and strong security practices throughout the company. You will provide leadership in maintaining Spotify’s security policy, standards and practices for the entire company and ensure that Spotify is in compliance with all applicable laws, directives, and policies regarding the securing of information. You will drive implementation of security plans, including incident response, and lead the operational processes for monitoring and maintaining security and compliance.
Additionally, working closely with the company Board of Directors, Executive Officers, Senior Management, Legal and the company's Internal Audit team, you will ensure alignment between security and privacy policies, training, and practices across the company. The Head of Security reports to the VP, Technology Platform, and the role is open in Stockholm or NYC.
What you will do
- Develop and drive implementation of near- and long-term security strategy and goals in alignment with Spotify’s business objectives and culture.
- Attract and retain extraordinary security talent across engineering, product management, and operational roles, enabling our security team to scale rapidly and effectively. Lead the development of the Security organization and enable it to scale and support our rapidly growing company.
- Advocate for all company security-related issues, across our global presence. Resolve Spotify-wide security resource requirements including budget, staff, training needs and prioritization. Work with senior stakeholders where appropriate to embed security expertise in other functions.
- Provide expert counsel and mentorship to senior leadership (including the board of directors) on security and its impact across business strategy, programs, products/services, and operations.
- Lead the team to maintain security policies, standards, frameworks, procedures and guidelines and ensure that they are aligned with the strategy and compliance programs like GDPR, SOX, and PCI DSS. Partner closely with Legal, our Data Protection Officer, Internal Audit/Controls, and HR on security-related topics.
- Lead all aspects of and continuously improve the governance and management of security to reflect changing technology, threat landscapes, regulatory requirements, and industry standard methodologies.
- Develop and drive risk analysis, mitigation and remediation plans. Plan for and lead large-scale security incident response and recovery efforts.
- Evolve Spotify's capability to monitor threats and vulnerabilities as well as detect, investigate, respond to and recover from incidents.
What you need to succeed
- A breadth of senior leadership experience in security, engineering, or IT management.
- Experience working with C-Level executives and other senior partners.
- Significant experience running a global technology security function, preferably in a broadly scaled consumer-facing software/high technology industry.
- Deep knowledge and application of software development and quality assurance methodologies to application and infrastructure delivery.
- Experience leading engineering culture in an agile and DevOps environment, with the ability to cultivate and grow that culture in existing teams.
- Proven strong leadership and management skills and the ability to secure results through others.
- Significant experience working with Software/Infrastructure/Platform-as-a-Service (SIPaaS) solutions and architectures.
- Excellent communication skills, especially the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Ability to understand the business context and technology challenges, handle uncertainty, and apply appropriate security solutions in response to multiple risks and needs.
- Knowledge of relevant security and compliance frameworks, standards and regulations (such as SOC2, Cloud Security Alliance (CSA), NIST, COBIT, PCI-DSS, GDPR, DPA, ISO270xx).
What we value
- We value people as much as technology and our shared values of innovation, partnership, transparency, passion and playfulness guide our behavior and our decisions. We believe an effective security organization begins with building a positive security culture that enables the business. We’re looking for someone who understands this and will help craft it as it evolves.
You are welcome at Spotify for who you are, no matter where you come from, what you look like, or what’s playing in your headphones. Our platform is for everyone, and so is our workplace. The more voices we have represented and amplified in our business, the more we will all thrive, contribute, and be brilliant. So bring us your personal experience, your perspectives, and your background. It's in our differences that we will find the power to keep revolutionizing the way the world listens.
Spotify transformed music listening forever when we launched in 2008. Our mission is to unlock the potential of human creativity by giving a million creative artists the opportunity to live off their art and billions of fans the opportunity to enjoy and be inspired by these creators. Everything we do is driven by our love for music and podcasting. Today, we are the world’s most popular audio streaming subscription service with a community of more than 286 million users.