C3.ai, Inc. (NYSE:AI) is a leading provider of Enterprise AI software for
accelerating digital transformation. The proven C3 AI Platform provides
comprehensive services to build enterprise-scale AI applications more
efficiently and cost-effectively than alternative approaches. The core of the
C3 AI offering is an open, data-driven AI architecture that dramatically
simplifies data science and application development. Learn more at: C3 AI
C3 AI is seeking an Information Security expert to own and lead the
information security program at C3 AI. As the Head of Information Security,
you will be responsible for protecting the organization's assets,
applications, systems, and technology while enabling and advancing business
Security Architecture & Strategy
Develop, implement, and monitor a comprehensive enterprise cybersecurity and
IT risk management program leveraging secure processes, procedures and
systems used to prevent, detect, mitigate, and recover from cyberattacks.
Build and drive a cybersecurity strategy and framework, with initiatives
to secure the organization's cyber, information and technology assets
while providing leadership to the enterprise's information security
Formulate best practices and set security standards, while preparing and
documenting information security policies, procedures and protocols.
Lead security assessment processes of internal assets, encompassing
penetration testing, vulnerability management, and secure software
Analyze the costs, value, and risks of cybersecurity activities and
recommend actions within a budget
Threat Management & Mitigation
Continuously evaluate and manage the cyber and technology risk posture of
Proactively spot security issues and threats, devising robust processes
and systems to safeguard against them.
Manage a robust incident management process.
Convey information security and data privacy operational goals, relaying
their impact to stakeholders.
Keep ahead of security needs by implementing programs or projects that
Ensure that all internally written code is cyber secure by performing
regular application security and penetration tests.
Conduct real-time analysis of immediate threats, triage and remediate as
Lead cybersecurity operations and implement disaster recovery protocols
and business continuity plans with business resiliency in mind.
Make sure that data and intellectual property are safe from external and
Lead security incident investigations and forensic data collection
activities during a security breach and conduct post-mortem exercises to
Act as the focal point for security incident response planning and cyber
security breach remediation.
Security Operations and Awareness
Lead the effort for conducting vulnerability scans, reviews, and
remediation activities to ensure a secure environment and to ensure that
the products and services that C3.ai develops are secure.
Manage the ongoing security awareness training and education program for
Provide leadership, fostering a culture of cybersecurity awareness and
ensuring continued training and development.
Implement and manage the cyber governance, risk, and compliance frameworks
Lead compliance endeavors, including external audits, regulatory
compliance initiatives, and overarching security evaluations.
Collaborate with the Security Committee to develop and implement
information security policies, standards, procedures, and guidelines.
Interact with related disciplines through committees to ensure the
consistent application of policies and standards across all technology
projects, systems, and services.
Partner with business stakeholders across the company to raise awareness
of risk management concerns and assist with business technology planning.
Conduct and lead information security risk assessments, support audits
(SOC 2, HIPAA, ISO 27001/27017, Cyber Essentials), and select controls
to mitigate risks.
Work with the legal/privacy teams to ensure compliance with privacy
Stakeholder & External Communication
Report on cybersecurity to business leaders, the board of directors or
senior executives, covering the cybersecurity risk profile and posture of
the organization, notable cybersecurity incidents and improvement
Engage with outside stakeholders, including customers, vendors, partners,
compliance bodies, and other legal/regulatory authorities.
Deliver strategic risk guidance, evaluating and suggesting technical
standards and controls.
Work with executive leadership to determine acceptable levels of risk for
Work with the most senior levels of the organization to liaise with
external agencies, such as law enforcement and other advisory bodies, as
necessary, to ensure that the organization maintains a strong security
Communicate with executive leadership on IT risk issues and the security
Bachelor's degree in Computer Science, Information Management Systems,
Cybersecurity or related field. Advanced degree preferred.
Certified Information Systems Security Professional (CISSP), Certified
Information Security Manager (CISM), Certified Information Systems
Auditor (CISA) or other similar credentials. CCNA, CEH, ISO27001 auditor
or implementer experience is a plus.
Minimum 10 years of experience in information security management
Significant experience in leading an information security program with a
deep understanding of information security and compliance frameworks such
as COBIT, ISO27001/27017, NIST, SOC 2, HIPAA, etc. Knowledge of
government-related security frameworks such as FedRAMP and CMMC is a plus.
Knowledge of privacy regulations/legislation such as GDPR, CCPA/CPRA.
Experience with contract and vendor negotiations and management including
Knowledge of cybersecurity and privacy principles used to manage risks
related to the use, processing, storage, and transmission of information
Excellent written and verbal communication skills, interpersonal and
collaborative skills, and the ability to communicate information security
and risk-related concepts to technical and nontechnical audiences at
various levels in the company.
Strong leadership abilities, with the capacity to articulate and implement
a strategic vision for the organization's security posture.
Proficiency in cyber security tools, especially endpoint security
solutions, intrusion prevention systems, data loss prevention systems.
Experience with and understanding of vulnerability assessment, application
security testing and penetration testing tools and services.
Proficient in leading security incident investigation and response.
Well-versed in cloud technology and security, including GCP, Azure and AWS
security, Office 365 security, cloud DLP.
Knowledge of industry-standard software development practices.
Hands-on experience in security assessment, cloud architecture, threat
modeling, and policy writing.
In-depth comprehension of secure SDLC, DevSecOps, or security automation.
Ability to communicate effectively with customers and other external
information security and privacy professionals.
Candidates must be authorized to work in the United States without the need
for current or future company sponsorship.
C3 AI provides excellent benefits, a competitive compensation package and
generous equity plan.
California Pay Range
C3 AI is proud to be an Equal Opportunity and Affirmative Action Employer. We
do not discriminate on the basis of any legally protected characteristics,
including disabled and veteran status.