EverQuote (Nasdaq: EVER) operates the largest online marketplace for insurance shopping in the United States. We make insurance shopping easy, efficient and personal, saving consumers and providers time and money. Our goal is to reshape the way consumers shop and improve the way insurance providers attract and connect with customers as insurance shopping continues to shift online.

The Vice President of Information Security and Compliance is responsible for establishing information security strategy for the organization and directs the implementation and monitoring of information security standards and policies. This position is responsible for managing risks relating to information security, physical security, business continuity planning, crisis management, data privacy, and compliance. It will report to the CIO and be a key member of the senior IT leadership team.

You will:

• Develop an action plan for managing information security risks including the capture, assignment and management of risks.
• Manage and facilitate the Sarbanes-Oxley IT General Controls Program.  
• Manage and respond to external requests for security due diligence on EverQuote policies, procedures and systems.  
• Manage and respond to internal vendor security due diligence requests.  
• Ensure all EverQuote covered persons have appropriate annual information security and phishing training.
• Develop a Sarbanes-Oxley IT General Controls action plan for 2021 and Ensure and document that Sarbanes-Oxley IT General Controls are operating effectively.
• Work with CIO, CTO and audit committee to adopt proposed changes to the EQ Information Security and Technology Policy

You have:

• History of successfully driving Sarbanes-Oxley IT General Control compliance programs at post-SOX emerging growth public companies.
• Experience working with senior leadership, engineering, finance, HR, legal and security teams to drive compliance objectives through stakeholder collaboration and results.
• Experience working directly with external audit teams to manage audit programs.
• Experience performing review of SSAE18 SOC reports including Complementary User Entity Controls (CUECs) and Subservice Organizations and Complimentary Subservice Organization Controls (CSOCs).
• Experience conducting interviews with security teams to assess security posture.
• Experience working with external information security stakeholders to satisfy external stakeholder due diligence requirements.
• Strong understanding of information security and audit principles 
• Experience designing and managing public company information security risk assurance programs
• Excellent written and verbal skills to produce concise and understandable communications to staff, contractors and partners.

We get it. Requirements can sometimes hold people back from applying to a job, but don’t let that be the case here. If you believe you have the skills it takes to elevate this role, team, and company, we encourage you to apply for this role.

EverQuote is committed to building an equitable, diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, marital status, national origin, genetics, disability, age, or veteran status.