: Director of Cybersecurity
20 Guest Street
Brighton, MA 02135

Video

Who We Are

ButcherBox is a fast-paced, rapidly-growing company headquartered in Brighton, MA. At ButcherBox, we believe in better. That’s why we deliver 100% grass-fed, grass-finished beef, free-range organic chicken, heritage-breed pork, and wild-caught Alaskan salmon directly to our members’ doors. All of our products are humanely raised or wild-caught and never given antibiotics or added hormones ever. 

We’re working to build a world that’s better for all, and we’re inviting everyone to come along. For us, better means treating our planet with respect. It means improving the lives of animals and the livelihoods of farmers. It means never cutting corners when it comes to doing business. Ultimately, it means better meals, enjoyed together. Our team is made up of people who collaborate and support one another. We’re always looking for outstanding people to join our mission!

About the Role

Our mission compels us to maintain a high level of security so that our members can trust us with their information. The Director of Cybersecurity will be an authority of both security and privacy functions. This critical role has overall responsibility for information security & privacy posture! You will work with all business areas to build, enact, and innovate upon a leading class security posture. You will report directly to ButcherBox’s Chief Financial Officer.

What You'll Do

  • Be responsible for strategic thought leadership around all of ButcherBox’s cybersecurity and privacy initiatives, establish program strategy to support ButcherBox’s mission, and prioritize a set of initiatives to accomplish 
  • Establish, measure, and maintain security & privacy standard methodologies and policies throughout our organization (for end users, engineers, etc.) that meet customer expectations and regulatory compliance
  • Act as a trusted security & privacy adviser for the ButcherBox Executive Team 
  • Be a security leader with vision in Cloud space
  • Collaborate with internal legal counsel and business leaders as it relates to security of proposed and new applications and software
  • Set priorities, drive implementation, and relentlessly improve our vulnerability management, information security monitoring/security operations, physical device security, offensive security, and threat intelligence programs
  • Collaborate with Engineering and Tech teams on the cybersecurity review process for product releases with authority to hold release if security targets are not met
  • Deploy and implement a Secure Development Lifecycle program
  • Own security & privacy incident processes – be the primary person, find root cause of issues and establish standard methodologies to reduce future risks
  • Be knowledgeable of new and changing US cybersecurity standards and regulations, use this knowledge to guide the direction of ButcherBox, prepare the business to ensure compliance 
  • Build partnerships with peers across Product, Engineering, Legal, Privacy, and others to accomplish joint projects
  • Conduct annual Risk Assessment and continuous cyber threat and risk assessments
  • Lead security & privacy training and awareness

Requirements

  • Professional certifications; CIPP, CISSP, CISM, CISA or other information security credentials
  • 7+ years of hands-on experience in Information Security space spanning network security, application security, cryptography, SDLC security tools/practices, threat management, pen testing, abuse, fraud, security compliance, incident response, etc.
  • Experience leading and performing network penetration testing and the successful exploitation of vulnerabilities. Exploit development is a plus.
  • Relatively recent “hands-on” experience with security technologies in a cloud environment 
  • Excellent analytical, interpersonal and project management skills
  • Understanding and working knowledge of common security frameworks (e.g., CIS CSC, NIST CSF, PCI Data Security Standards)
  • Experience testing web applications for common security vulnerabilities as referenced by OWASP, including, but not limited to, input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues
  • Lead cybersecurity assessments of partners and technology providers
  • Personal integrity, and the ability to deftly handle confidential matters and exude the appropriate level of judgment and maturity

Benefits

  • A very supportive team, a culture of "do your job" autonomy, and access to all levels of the organization
  • Health insurance (including medical, dental, vision, LTD, STD, and life insurance)
  • 401(k) with generous employer match
  • Employee stock options
  • Subsidized gym and commuter benefits
  • Unlimited time off policy
  • Professional development opportunities
  • Free ButcherBox each month

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Full-time