Head of Information Security
Natick, Middlesex County, Massachusetts, 01760, USA
Listed on 2026-06-05
IT/Tech
Cybersecurity, IT Project Manager
Job Summary
MathWorks has a hybrid work model that enables staff members to split their time between office and home. The hybrid model provides the advantage of having both in‑person time with colleagues and flexible at‑home life optimizations.
Responsible for the strategic and technical leadership and direct management of MathWorks’ Information Security team, overseeing the company’s corporate security. Provides operational direction to ensure protection of data, infrastructure, and physical assets, while maintaining compliance with industry regulations and internal standards.
Partners closely with the Product Security team to align strategies, share expertise, and collectively meet MathWorks’ overarching security and compliance objectives. Collaborates with senior leadership to define acceptable risk levels and implement practices to meet cybersecurity policies and standards. Must possess deep technical expertise and be hands‑on in defining, selecting, and validating security technologies and architectures.
MathWorks nurtures growth, appreciates inclusivity, encourages initiative, values teamwork, shares success, and rewards excellence.
Responsibilities
Strategic Leadership
- Develop and implement a cybersecurity vision and strategy aligned with business objectives and regulatory requirements.
- Lead a comprehensive cybersecurity program for confidentiality, integrity, availability, safety, privacy, reliability, and resilience of information assets.
- Identify and mitigate risks related to non‑IT‑managed technology (“citizen IT”) and ensure clear ownership of any residual risk.
- Evolve and enforce corporate security policies, best practices, and modern architecture (e.g., Zero Trust, remote work strategies, automated vulnerability management).
- Manage and maintain modern security architectures (e.g., ZTNA, identity‑centric access control, cloud‑native defenses, vulnerability and patch management automation).
- Provide strategic guidance on security technology investments, architecture reviews, and risk mitigation initiatives.
- Lead or guide responses to cybersecurity incidents.
- Chair the Security Risk Review Board, overseeing evaluation, prioritization, and mitigation of security risks.
- Lead decision‑making on acceptance of residual risks and communicate strategies to senior leadership.
- Facilitate cybersecurity risk assessment and empower business units to make decisions within risk appetite.
- Manage the organization’s incident response and threat hunting capabilities by leading cross‑functional teams, implementing playbooks, and continuously improving detection and response effectiveness.
- Lead the design, implementation, and continuous improvement of technical security controls across IT, cloud, and development environments.
- Collaborate and develop enterprise‑wide standards for identity and access management, network segmentation, endpoint protection, encryption, logging, and monitoring.
- Collaborate with software engineering and infrastructure teams to embed security principles and controls into architectures, systems, and development processes (“secure by design”).
- Partner with Engineering, IT, and business leaders to embed “shift‑left” security into infrastructure, CI/CD pipelines, and operations.
- Ensure compliance with global security and data privacy regulations (GDPR, CCPA, ISO 27001).
- Provide regular reporting on cybersecurity programs and compliance status to senior leadership.
- Maintain external partnerships with industry peers, agencies, and law enforcement to stay ahead of emerging threats.
- Direct creation of targeted cybersecurity awareness training for all employees, contractors, and system users.
- Establish metrics to measure training effectiveness, and ensure employees, contractors, and system users.
- A bachelor's degree and 20 years of professional work experience (or equivalent experience) is required. 8 years of management experience is required.
- Bachelor’s degree in Computer Science, Engineering, or related field.
- Experience leading risk…