Vice President, Information Security
About Procare

For over 30 years, Procare Solutions has been dedicated to empowering early childhood educators by providing products and services that enable them to focus on the care, safety and education of children. We recognize the responsibility that comes with nurturing and educating children, which is why our child care management solutions are designed to automate business processes, help ensure safety and compliance, communicate with families and provide educational resources and training to help teachers and children thrive.

Over 40,000 satisfied customers have chosen Procare Solutions as their trusted partner in providing exceptional care for young minds.

A Little About The Role

The VP Information Security is a senior leader responsible for establishing and executing Procare’s enterprise-wide information security strategy, program, and culture. Reporting to the CTO, this role will serve as the company's top security leader — translating complex cyber risk into business language, protecting customer data, enabling compliant product growth, and building a world-class security organization.

This is an operationally engaged, high-visibility role that blends strategic vision with operational execution. The ideal candidate is a proven security leader who thrives in a fast-moving SaaS environment, understands how security is changing in an AI-first world, and can operate confidently in the boardroom while remaining deeply trusted by engineering and product teams.

Procare's security organization protects 40,000+ childcare centers and millions of families who depend on our platform daily.
Our program includes:

- Mature compliance posture: SOC 2 Type II certified across all products; PCI DSS v4.0.1 Level 1 Service Provider; TX-RAMP authorized
- Enterprise security tooling: CrowdStrike NextGen-SIEM, Contrast Security/Veracode for application security, Automox for patch management, Barracuda/Abnormal.ai for email security
- Proactive security culture: Monthly product security meetings, CSIRT incident response team, public trust center (SafeBase), quarterly Security Steering Committee with C-suite participation
- Parent company support: Member of Roper Technologies family with access to shared security resources, threat intelligence, and enterprise tooling

What You’ll Do

Security Strategy & Leadership

- Define, own, and continuously evolve a multi-year enterprise security roadmap aligned to business objectives, growth stage, and risk appetite
- Serve as the primary security advisor to the executive leadership team; present security posture, risk metrics, and investment cases with clarity
- Lead a high-performing security organization including Security Operations, GRC, AppSec, and Cloud Security functions
- Champion a security-first culture across the company through education, executive sponsorship, and accountability
- Translate technical risk into business impact using quantitative risk frameworks (e.g., FAIR) to influence budget and strategic decisions
- Navigate Roper Technologies cybersecurity framework, maintaining compliance with mandatory foundational controls and implementing selected optional controls to achieve maturity targets; serve as primary security liaison to parent company
- Establish AI security governance program to evaluate, approve, and manage AI tool adoption across the organization; implement controls for AI-specific risks including data leakage, prompt injection, and model security
- Manage security across diverse product portfolio (5+ applications) with varying technology stacks, customer bases, and compliance requirements; ensure consistent security standards while accommodating product-specific needs
- Build and maintain executive cybersecurity dashboards providing real-time visibility into security posture, risk metrics, and program progress for board, parent company, and executive leadership

Cloud & Product Security

- Secure the company's SaaS platform and cloud environments (AWS/Azure/GCP) by driving secure SDLC, vulnerability management, remediation SLAs, and penetration testing programs
- Partner with Product and Engineering leadership to embed security by design — shifting security left into development workflows without impeding velocity
- Oversee Identity and Access Management (IAM), Zero Trust architecture, data encryption, and cloud security posture management (CSPM/CNAPP)
- Define and maintain security standards for APIs, microservices, container security, and third-party integrations

Governance, Risk & Compliance (GRC)

- Own and maintain the company's Information Security Management System (ISMS), risk register, and policy framework
- Lead and maintain Type II and PCI DSS v4.0.1 certifications; oversee ISO 27001, TX-RAMP, GDPR, CCPA, and other applicable regulatory frameworks
- Manage customer security questionnaires, enterprise security reviews, and security-related RFP/procurement processes in partnership with Sales and Legal
- Develop and enforce vendor and third-party risk management programs to minimize supply chain exposure
- Ensure compliance with applicable federal, state, and international data privacy and security regulations
- Manage state-specific compliance programs including TX-RAMP certification with quarterly vulnerability reporting and evidence submission requirements
- Implement and maintain customer trust center and security documentation portal to streamline enterprise security reviews and RFP processes
- Lead supply chain security and vendor breach response program; assess impact of third-party compromises and coordinate remediation across affected systems
- Ensure compliance with child data protection requirements and education sector-specific regulations; implement specialized controls for sensitive family and student information

Security Operations & Incident Response

- Lead a 24/7-capable security operations capability including SIEM, EDR, XDR, and threat intelligence platforms
- Own the cyber incident response program: detection, investigation, containment, communication, and post-incident review (PIR) processes
- Test business continuity and disaster recovery plans with cross-functional stakeholders
- Monitor emerging threat intelligence; proactively brief leadership on ransomware, social engineering, supply chain, and AI-driven threat vectors
- Lead Zero Trust architecture planning and implementation across corporate and product environments as multi-year strategic initiative; coordinate with infrastructure, network, and identity teams

Corporate Security & IT Risk Management

- Oversee corporate IT security including endpoint protection, patch management, and corporate network security controls
- Implement enterprise patch management programs using automated tools to ensure timely remediation of vulnerabilities across workstations and servers
- Direct Active Directory security assessments and identity hygiene programs across all domain instances
- Ensure MFA enforcement for all privileged accounts and coordinate rollout of authentication requirements for staff and customers

People & Organizational Leadership

- Recruit, develop, and retain a diverse security team including Security Engineers, Analysts, GRC Specialists, and an AppSec function
- Define team structure, career ladders, OKRs, and budget for the security organization
- Manage external security vendors, MSSPs, auditors, and counsel relationships

Our Ideal Candidate Will Have

- 12+ years of progressive experience in information security, with at least 4 years in a CISO, Deputy CISO, or VP of Security role
- Proven track record leading security at a B2B SaaS or cloud-native technology company; experience scaling security programs from growth stage to enterprise maturity
- Deep expertise in cloud security architecture (AWS, Azure, and/or GCP), secure SDLC, and modern threat detection and response
- Hands-on leadership of SOC 2 Type II and PCI audits; direct experience with ISO 27001, GDPR, CCPA
- Demonstrated ability to communicate security risk to non-technical executives and board members; experience presenting to audit committees or governance boards
- Experience managing security through enterprise sales cycles including customer trust reviews, penetration test sharing, and security questionnaire programs
- Track record of building and scaling security teams from the ground up, including hiring, organizational design, and vendor management
- Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field required; Master's degree or MBA preferred
- One or more industry certifications strongly preferred: CISSP, CISM, CCSP, CISA, CRISC, CEH
- Executive presence with the ability to build trust at board level and peer-level across the C-suite
- Strong business acumen — understands how security decisions impact revenue, customer trust, and company valuation
- Exceptional communication skills: able to explain complex security concepts in plain language to diverse audiences
- Collaborative, low-ego leader who can influence without authority and build bridges between security, engineering, legal, and sales
- Resilient under pressure; sound judgment in high-stakes incident scenarios
- Skilled at managing competing priorities across multiple compliance programs, product teams, and parent company requirements; able to sequence initiatives and communicate trade-offs effectively

Security Technology Experience

Core Security Platforms:

- Cloud security: Wiz, Orca, Prisma Cloud, or equivalent CSPM/CNAPP solutions
- Endpoint/XDR: CrowdStrike, SentinelOne, Microsoft Defender, or equivalent
- SIEM/SOAR: CrowdStrike NextGen-SIEM, Splunk, Sumo Logic, or equivalent
- Identity/IAM: Okta, Auth0, Azure AD, or equivalent

Specialized Security Tools:

- Email security: Proofpoint, Mimecast, Abnormal.ai, or equivalent next-gen solutions
- Application security: Veracode, Checkmarx, Contrast Security, Snyk, or equivalent SAST/DAST platforms
- GRC/Compliance: Vanta, Drata, OneTrust, or equivalent automation platforms
- Trust & transparency: SafeBase, Whistic, or equivalent trust center solutions
- Patch management: Automox, Ivanti, or equivalent endpoint management platforms

Emerging Security Categories:

- AI security and governance tools (familiarity with landscape preferred)
- Zero Trust architecture frameworks and implementation tools

Physical Requirements

- This position works most of the time in a fixed office location and may involve sitting and/or standing for prolonged periods
- Frequently required to communicate verbally and in writing (mostly email) with customers, prospects, and other employees
- Use of computer, telephone, and other office equipment for the greater part of the workday
- Occasional travel may be required for this position

Why Procare?

Excellent comprehensive benefits packages including:

- Medical, dental, & vision plans
- HSA option with employer contributions
- Vacation time, holidays, sick days, volunteer & personal days
- 401K Plan with employer match and immediate vesting
- Employee Stock Purchase Plan
- Employee Discount Program
- Medical, Dependent Care, and Transportation FSA Plans
- Company paid Short and Long-Term disability and Life Insurance
- RTD EcoPass for all Denver employees
- Tuition Reimbursement and continued Professional Development
- Fast paced, high energy workplace environment in prime downtown location
- Regular company provided meals

Salary

$200,000 - $250,000/year DOE

Location

This position is based in our Denver, CO office. We are currently in a hybrid in-office/remote working model based on business needs. Candidates must be willing and able to work from our Denver, CO office a minimum of 3 days a week.