About Vendr

Vendr is forever changing how companies buy and renew SaaS. With over $550+ million in SaaS purchases across 1,200+ suppliers, the Vendr SaaS buying platform enables the world’s fastest-growing companies to purchase SaaS, without friction and at a fair price. Headquartered in Boston with a second location in Charleston and over 130+ employees, we are building a team that can take us to the future state of frictionless buying. Some customers include HubSpot, The Washington Post, and DraftKings.

In March 2021 we announced that we raised $60 million at a $600 million valuation for our Series A, backed by Tiger Global (2021), Craft Ventures (David Sacks), Sound Ventures (Ashton Kutcher & Guy Oseary), Y Combinator, and others.

Since 2018, we have:

- Managed $550M+ in software spend

- Saved $99M+ for our customers

- Given our customers thousands of hours back to focus on the important parts of their job

And we’re just getting started. This is your chance to join as we enter hyper-growth and make a massive impact, forever changing the way people buy and sell B2B SaaS. 

We count some of the world’s best companies among our customers, and you’ll own the security program that gives them the confidence to trust us with their sensitive data. We already have a fairly robust program in place, but it’s time for a seasoned security and compliance professional to take it to the next level. As Vendr’s first Head of Security, you’ll take the reins from the early tech leadership team, grow it into a world-class security program, and build up the organization to continue to support it.

Compliance and Policy:

• Ensure the Vendr complies with relevant security and privacy laws and standards
• Identifying, prioritize, and act upon opportunities to improve our posture
• Develop and manage information security and privacy policies
• Oversee implementation of security initiatives
• Own Third Party Vendor Risk Management
• Perform regular system access reviews
• Develop and maintain BCP/DRP programs
• Manage annual SOC 2 audit process
• Prepare for additional certifications as needed by the business (e.g. ISO 27001)
• Manage companywide and department-specific security training
• Respond to security questionnaires from prospects and current customers
• Respond to inquiries about GDPR/CCPA/etc compliance

Technical:

• Consult with engineering leadership on implementation of security-related functionality
• Ensure development practices comply with information security procedures, and advise Engineering colleagues on how we can be improving
• Coordinate regular penetration tests and develop remediation plans with engineering
• Oversee third party IT firm and IT security (e.g. MDM, account access, etc)
• Coordinate Incident response activities

You have:

• BA/BS computer science or engineering degree or equivalent working experience
• 6+ years industry experience in security-related roles such as security engineer or security analyst
• Broad technical knowledge of security and compliance best practices
• Prior experience in debugging, production support, or writing code is ideal
• Experience with security, compliance, and privacy standards such as SOC, GDPR, ISO27001 is ideal

#LI-PD1

Vendr is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law. While we are interested in qualified applicants who are permanently eligible to work for any employer in the United States, we are unable to sponsor or take over sponsorship for employment visas at this time.

To all recruitment agencies: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.