AI Technical Evangelist

About Quilt Software

Quilt LLC is PSG Equity's latest vertical software and integrated payments platform, similar to their successful EverCommerce investment which recently went public. Quilt provides specialty inventory and POS software through a family of vertically focused, independently managed subsidiaries. See www.quiltsoftware.com for more information. 

Quilt Software is becoming a market leader in point-of-sale (POS) software, offering specialty vertical-specific inventory management solutions for high SKU businesses with complex requirements. We offer an integrated payments solutions to manage to process a high volume of payments flowing through the software at a retail or wholesale level. 

We are backed by PSG Equity. PSG was founded in 2014 and has raised over $10 billion in capital. PSG has invested in dozens of vertical software and integrated payments companies and facilitated hundreds of add-on acquisitions. To learn more about PSG, visit www.psgequity.com 

About the Role:

The Director of Information Security is a hands-on position, working with VPs and Executives familiar with creating and supporting PCI DSS Level 1, FedRamp and SOC 2 for SaaS based solutions.  You will work with leadership to take over the existing compliant systems and audits, improve and expand controls based on your feedback and expertise, and introduce new best practices and processes to service a fast-growing SaaS organization.  You will have strong internal support and buy-in for this new role, with access to humans who will have allocated time to help you navigate and the budget available for tools to help you succeed.

The ideal candidate will be able to demonstrate expertise with the hosted infrastructure security and policies (AWS, Azure), software development security tools and best practices, compliance and data privacy / information security needs for a commercially growing software company.  The job will be best served by a candidate with strong technical skills and acumen, relying on tools and instrumentation vs. someone with a strong management and documentation background.  While we value the latter, we feel the former will yield more personal and organizational success.  

This is a remote position. 

What You Will Do:

• Compliance and Certification
• Response for existing PCI DSS Level 1 certification controls and annual audit, as well as ensuring compliance with newly onboarded entities
• Responsible CCPA, GDPR and general PII product level guidance and policies and procedures
• Responsible for potential future ISO 27001 / SOC 2 compliance, leveraging existing PCI controls into the desired program
• IT and General Information Security Programs
• Demonstrates an understanding of comprehensive regional /global security programs, including technologies and tools, architectures and network and application design, and policies / business aspects of risk
• Develops, implements, manages, advises, surveys, or audits all IT related security programs, policies, and procedures
• Work with HR to ensure employee management, handbooks and training are properly managed and audited
• Managing of Incident Response and IT Risk / Security assessments while maintaining and enhancing policies and procedures for same
• Familiarity with recent AI / ChatGPT related compliance and protection of internal IP
• Familiarity with implementing zero trust and password-less environments
• Engineering and SaaS Hosting Infrastructure
• Works with Hosting and Engineering teams to recommend and deploy best practices, infrastructure, logging and monitoring tools to ensure a strong security posture
• Develops, implements, manages, advises, surveys, or audits all IT related security programs, policies, and procedures
• Acts as lead or technical support for major incident investigations involving security related issues
• Other
• Responsible for the selection and deployment of the tools needed to make this job successful (budget exists)
• Develops metrics to measure the effectiveness and efficiency of all security programs and personnel
• Ensures adherence to protocols for 24x7x365 response and notifications for alarms, emergencies, or critical incidents

Preferred Experience and Background:

• At least 5 - 7 years’ experience working in a progressive information security operations or engineering group
• Bachelor’s or Advanced degree in Security Engineering, Computer Science, or related field
• Strong knowledge of application architectures, enterprise architecture, release methodologies, project management, technical support, production support, client/server applications, internet/ intranet applications, and SaaS computing
• Outstanding collaboration and team building skills. Strong written and verbal communication skills
• Hands-on experience with cloud infrastructures, end point monitoring and mitigation of attack surfaces for SaaS based solutions
• Experience leading and successfully completing security audits such as PCI, FedRamp, SOC 2, ISO 27001
• Experience deploying and monitoring product throughout the lifecycle – static code analysis, staging based vulnerability detection (DAST, other) though to cloud endpoint-based monitoring, logging and detection
• Cloud security and administration experience
• Splunk or similar logging aggregator reporting experience
• Tenable or similar platform security tool experience
• CISSP certification preferred

 What We Offer:

• Unlimited PTO 
• Generous Medical, Dental, and Vision 
• Life Insurance 
• 401k  
• Fully Remote  

Salary: $140,000, depending on experience