Edtech.com's Summary

MathWorks is hiring a Head of Information Security. The role requires providing strategic and technical leadership over the Information Security team to safeguard the company's data, infrastructure, and physical assets while ensuring compliance with regulations. The position involves partnering with Product Security, collaborating with senior leadership on risk management, and actively leading the development and implementation of security technologies and policies.

Highlights

Lead and develop a comprehensive cybersecurity strategy aligned with business goals and regulatory demands.
Oversee risk management, including chairing the Security Risk Review Board and guiding incident response efforts.
Manage and improve security architectures such as Zero Trust Network Access and identity-centric controls.
Ensure compliance with global security and privacy frameworks including GDPR, CCPA, and ISO 27001.
Collaborate with engineering and IT teams to integrate security into development and operational processes.
Direct cybersecurity awareness training programs and measure their effectiveness.
Require a bachelor’s degree in computer science, engineering, or related field and at least 20 years of professional experience including 8 years in management.
Strong knowledge of security frameworks, enterprise/cloud security architecture, and experience handling major security incidents.
Preferred qualifications include a master's degree, 25 years in cybersecurity with management experience, and cloud expertise (AWS, Azure).
Must be able to work on-site in Natick three or more days per week in a hybrid workplace setup.

Head of Information Security Full Description

Head of Information Security

Team: Information Technology
Location: US-MA-Natick

Job Summary

Responsible for the strategic and technical leadership and direct management of MathWorks’ Information Security team, overseeing the company’s corporate security. Provides operational direction to ensure protection of data, infrastructure, and physical assets, while maintaining compliance with industry regulations and internal standards.

Partners closely with Product Security team to align strategies, share expertise, and collectively meet MathWorks’ overarching security and compliance objectives. Collaborate with senior leadership to define acceptable risk levels and implement practices to meet cybersecurity policies and standards. Must possess deep technical expertise and be hands-on in defining, selecting, and validating security technologies and architectures.

Responsibilities

Strategic Leadership

Develop and implement a cybersecurity vision and strategy aligned with business objectives and regulatory requirements.
Lead a comprehensive cybersecurity program for confidentiality, integrity, availability, safety, privacy, reliability, and resilience of information assets.
Identify and mitigate risks related to non-IT-managed technology (“citizen IT”) and ensure clear ownership of any residual risk.
Evolve and enforce corporate security policies, best practices, and modern architecture (e.g., Zero Trust, remote work strategies, automated vulnerability management).
Manage and maintain modern security architectures (e.g., ZTNA, identity-centric access control, cloud-native defenses, vulnerability, and patch management automation).
Provide strategic guidance on security technology investments, architecture reviews, and risk mitigation initiatives.
Lead or guide responses to cybersecurity incidents.

Risk Management

Chair the Security Risk Review Board, overseeing evaluation, prioritization, and mitigation of security risks.
Lead decision-making on acceptance of residual risks and communicate strategies to senior leadership.
Facilitate cybersecurity risk assessment and empower business units to make decisions within risk appetite.
Manage the organization’s incident response and threat hunting capabilities by leading cross-functional teams, implementing playbooks, and continuously improving detection and response effectiveness.

Technical Oversight and Security Engineering

Lead the design, implementation, and continuous improvement of technical security controls across IT, cloud, and development environments.
Collaborate and develop enterprise-wide standards for identity and access management, network segmentation, endpoint protection, encryption, logging, and monitoring.
Collaborate with software engineering and infrastructure teams to embed security principles and controls into architectures, systems, and development processes (“secure by design”).
Partner with Engineering, IT, and business leaders to embed “shift-left” security into infrastructure, CI/CD pipelines, and operations.

Compliance and Framework Oversight

Ensure compliance with global security and data privacy regulations (GDPR, CCPA, ISO 27001).
Provide regular reporting on cybersecurity programs and compliance status to senior leadership.
Maintain external partnerships with industry peers, agencies, and law enforcement to stay ahead of emerging threats.

Training and Awareness

Direct creation of targeted cybersecurity awareness training for all employees, contractors, and system users.
Establish metrics to measure training effectiveness, and ensure employees, contractors, and system users.

Minimum Qualifications

A bachelor's degree and 20 years of professional work experience (or equivalent experience) is required. 8 years management experience is required.

Additional Qualifications

Required

Bachelor’s degree in computer science, Engineering, or related field.
Experience leading risk management and security assessments.
Strong understanding of security frameworks (ISO 27001, NIST) and privacy regulations (GDPR, CCPA).
Technical background in enterprise/cloud security architecture, network/system hardening, identity management, secure software development.
Proven experience leading the end-to-end response to major security incidents including triage, containment, recovery, stakeholder communication, and post-incident remediation.
Ability to work three or more days in the Natick office (MathWorks is a hybrid workplace).

Preferred

Master’s or equivalent experience preferred.
25 years’ experience in information security/cybersecurity, with at least 10 years in management, building, and scaling security teams.
Experience with AWS, Azure, or similar cloud environments.
Experience in regulated industries (aerospace, automotive, software).

Key Leadership Behaviors
Strategic Thinking: Design and implement long-term security initiatives.

Technical Leadership: Engage directly with engineers, architects, and IT operations.
Risk Management: Assess risks, lead mitigation strategies, and make recommendations on risk acceptance.
Collaboration: Lead cross-functional teams and build strong relationships.
Change Management: Drive organizational change in security practices and culture.

Original Job Description

Head of Information Security

Team: Information Technology
Location: US-MA-Natick

Job Summary

Responsibilities

Strategic Leadership

Develop and implement a cybersecurity vision and strategy aligned with business objectives and regulatory requirements.
Lead a comprehensive cybersecurity program for confidentiality, integrity, availability, safety, privacy, reliability, and resilience of information assets.
Identify and mitigate risks related to non-IT-managed technology (“citizen IT”) and ensure clear ownership of any residual risk.
Evolve and enforce corporate security policies, best practices, and modern architecture (e.g., Zero Trust, remote work strategies, automated vulnerability management).
Manage and maintain modern security architectures (e.g., ZTNA, identity-centric access control, cloud-native defenses, vulnerability, and patch management automation).
Provide strategic guidance on security technology investments, architecture reviews, and risk mitigation initiatives.
Lead or guide responses to cybersecurity incidents.

Risk Management

Chair the Security Risk Review Board, overseeing evaluation, prioritization, and mitigation of security risks.
Lead decision-making on acceptance of residual risks and communicate strategies to senior leadership.
Facilitate cybersecurity risk assessment and empower business units to make decisions within risk appetite.
Manage the organization’s incident response and threat hunting capabilities by leading cross-functional teams, implementing playbooks, and continuously improving detection and response effectiveness.

Technical Oversight and Security Engineering

Lead the design, implementation, and continuous improvement of technical security controls across IT, cloud, and development environments.
Collaborate and develop enterprise-wide standards for identity and access management, network segmentation, endpoint protection, encryption, logging, and monitoring.
Collaborate with software engineering and infrastructure teams to embed security principles and controls into architectures, systems, and development processes (“secure by design”).
Partner with Engineering, IT, and business leaders to embed “shift-left” security into infrastructure, CI/CD pipelines, and operations.

Compliance and Framework Oversight

Ensure compliance with global security and data privacy regulations (GDPR, CCPA, ISO 27001).
Provide regular reporting on cybersecurity programs and compliance status to senior leadership.
Maintain external partnerships with industry peers, agencies, and law enforcement to stay ahead of emerging threats.

Training and Awareness

Direct creation of targeted cybersecurity awareness training for all employees, contractors, and system users.
Establish metrics to measure training effectiveness, and ensure employees, contractors, and system users.

Minimum Qualifications

A bachelor's degree and 20 years of professional work experience (or equivalent experience) is required. 8 years management experience is required.

Additional Qualifications

Required

Bachelor’s degree in computer science, Engineering, or related field.
Experience leading risk management and security assessments.
Strong understanding of security frameworks (ISO 27001, NIST) and privacy regulations (GDPR, CCPA).
Technical background in enterprise/cloud security architecture, network/system hardening, identity management, secure software development.
Proven experience leading the end-to-end response to major security incidents including triage, containment, recovery, stakeholder communication, and post-incident remediation.
Ability to work three or more days in the Natick office (MathWorks is a hybrid workplace).

Preferred

Master’s or equivalent experience preferred.
25 years’ experience in information security/cybersecurity, with at least 10 years in management, building, and scaling security teams.
Experience with AWS, Azure, or similar cloud environments.
Experience in regulated industries (aerospace, automotive, software).

Key Leadership Behaviors
Strategic Thinking: Design and implement long-term security initiatives.

Technical Leadership: Engage directly with engineers, architects, and IT operations.
Risk Management: Assess risks, lead mitigation strategies, and make recommendations on risk acceptance.
Collaboration: Lead cross-functional teams and build strong relationships.
Change Management: Drive organizational change in security practices and culture.

Let me find your next job.

Thanks - you're signed up.

Head of Information Security

Edtech.com's Summary

Head of Information Security Full Description

Head of Information Security

Assistant Director, Information Security Operations

Senior Security Engineer

Threat Intelligence Lead (Position located in Arlington, Virginia)

Cybersecurity Threat Researcher (Position located in Arlington, Virginia)

Information Security Analyst, Instructional and Information Technology Services