Chief Information Security Officer

About the Company

At Torc, we have always believed that autonomous vehicle technology will transform how we travel, move freight, and do business.

A leader in autonomous driving since 2007, Torc has spent over a decade commercializing our solutions with experienced partners. Now a part of the Daimler family, we are focused solely on developing software for automated trucks to transform how the world moves freight.

Join us and catapult your career with the company that helped pioneer autonomous technology, and the first AV software company with the vision to partner directly with a truck manufacturer.

Meet the Team: 

The Chief Information Security Officer (CISO) will lead and oversee Torc’s information security management program. This includes developing a strategic security and risk management program, implementing security policies and procedures, managing security technologies, and overseeing security awareness training. 

What you'll do: 

• The CISO will lead information security operations for the enterprise, including Business Operations, Fleet, Safety, Engineering, and Product.
• Developing and implementing a comprehensive cybersecurity strategy: The CISO will develop and implement a multi-year strategic, comprehensive enterprise-wide information security and risk management program that outlines TORC’s cybersecurity objectives, priorities, and risk mitigation strategies, specifically tailored to the autonomous truck industry
• Establishing and enforce cybersecurity policies and procedures: The CISO should develop and enforce policies and procedures that govern the secure operation and maintenance of the company's enterprise systems and driverless truck systems. This includes guidelines for secure software development, access controls, incident response, data protection, and privacy
• Managing cybersecurity risk: It is the CISO’s responsibility to identify, assess, and prioritize cybersecurity risks associated with the production, deployment, and operation of driverless trucks. The CISO would work closely with other TORC stakeholders to implement risk management strategies, such as threat modeling, vulnerability assessments, and risk mitigation plans
• Overseeing security operations: The CISO would lead the security operations team responsible for monitoring and responding to security incidents, managing security technologies (firewalls, intrusion detection systems, etc.), conducting security audits, and ensuring compliance with relevant regulations and standards.
• Collaboration with internal and external TORC stakeholders: The CISO would work closely with cross-functional teams, creating buy-in for the cybersecurity program with the Executive Leadership Team and team across the company, including engineering, product development, legal, and compliance, with the ultimate goal being to embed security principles and practices throughout the organization and ensure consistent application of established cybersecurity policies, procedures and protocols. Additionally, the CISO will engage with external partners, suppliers, and industry groups to stay informed about emerging threats and best practices. To further collaboration, the CISO will design and implement an organizational cybersecurity champions program that aims to identify, train, and empower a group of employees within the enterprise to become advocates and role models for cybersecurity best practices
• Conducting security awareness and training programs: The CISO will develop and deliver cybersecurity awareness programs to educate employees, contractors, and partners about potential risks, security best practices, and their roles and responsibilities in maintaining a secure environment for autonomous truck operations
• Incident response and recovery: Coordinate incident response efforts, including investigation, containment, and recovery, in the event of a cybersecurity incident or breach.
• Continuous monitoring and improvement: The CISO would establish metrics and key performance indicators (KPIs) to assess the effectiveness of the cybersecurity program. The CISO will ensure ongoing resilience and adaptability of the company's security defenses regularly evaluating Torc’s security program, identifying areas of improvement, and implementing necessary changes. Conducting regular risk assessments and vulnerability scans to identify and prioritize potential threats and vulnerabilities, and develop appropriate mitigation plans
• Staying up-to-date with industry trends and regulations: It is crucial to remain informed about evolving cybersecurity threats, technological advancements, and regulatory requirements relevant to autonomous vehicles and the transportation industry. Engage with external partners, customers, and vendors to assess their security practices, conduct due diligence, and manage third-party security risks. This knowledge will help the CISO adapt TORC’s security strategies to address emerging risks effectively
• Vendor Compliance: The CISO will work cross functionally to assist with due diligence standards for partners and vendors that ensure that they meet the organization's standards for security, privacy, and cybersecurity compliance
• Budgeting: The CISO will oversee and manage a budget for Torc’s cybersecurity function, including the implementing financial plans, monitoring expenditures, and ensuring compliance with financial policies
• Build and lead a cybersecurity organization, sufficient to support Torc’s autonomous vehicle product development and commercialization. Guide the team to set, track, and achieve goals aligned with companywide vision, goals, and initiatives
• Provide up-to-date guidance and direction to employees to ensure compliance with federal, state, and company policies, procedures, guidelines, and management principles
• In partnership with People Operations, supervisory responsibilities include leading continuous team goal setting, career pathing and professional development, tracking competencies, employee team building and training, performance management, work prioritization, resource management and controlling expenses, and reinforces systems, policies, and procedures. Trains staff, maintains training records, ensures appropriate and continuous training. 

What you’ll need to Succeed: 

• Bachelor Degree in business administration or a technology-related field required. Master’s degree is a plus.
• Professional security management certification such as CISSP or CISM is a plus
• Minimum of eight years of experience in a combination of risk management, information security and IT management
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST
• Experience with contract and vendor negotiations and management including managed services.
• Specific experience in Agile development or other best in class development practices and with Cloud computing/Elastic computing across virtualized environments
• Experience implementing data loss prevention (DLP) programs
• Knowledge of Security Operations Centers, Identity and Access Management, and Zero-Trust functions
• Open to traveling - Travel estimated to be 20-25%

Bonus Points! 

• Excellent written and verbal communication skills and high level of personal integrity
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams

Perks of Being a Full-time Torc’r

Torc cares about our team members and we strive to provide benefits and resources to support their health, work/life balance, and future. Our culture is collaborative, energetic, and team focused. Torc offers:  

• A competitive compensation package that includes a bonus component and stock options
• 100% paid medical, dental, and vision premiums for full-time employees  
• 401K plan with a 6% employer match
• Flexibility in schedule and generous paid vacation (available immediately after start date)
• Company-wide holiday office closures
• AD+D and Life Insurance 

At Torc, we’re committed to building a diverse and inclusive workplace. We celebrate the uniqueness of our Torc’rs and do not discriminate based on race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, veteran status, or disabilities.

Even if you don’t meet 100% of the qualifications listed for this opportunity, we encourage you to apply. We’re always looking for those that are hungry, humble, and people smart and your unique experience may be a great fit for this role or others.