Who we are

We are a dedicated team of security professionals focused on evolving Mindbody’s security posture. Our collective goal is to protect the future, fostering increased opportunities for wellness businesses worldwide to empower their customers in leading secure and healthy lives. Committed to a higher purpose, we continuously challenge ourselves and our organization to excel, understanding the strength derived from collaborative efforts towards a common objective. We are advocates for a diverse workplace, fostering an environment where individuals can bring their authentic selves to contribute to our shared success. At the heart of our achievements lies the belief in the value of our people. If you share our passion and vision, consider joining our team, and let's explore the remarkable feats we can achieve together! 

Your Role

The BISO serves as a critical bridge between our company’s cyber security initiatives and its highly technical business units. The BISO will play a pivotal role in ensuring that our cyber security strategies are effectively integrated within our Engineering and IT organizations, fostering a secure software development lifecycle, and promoting a culture of security awareness. 

As the BISO, you will be responsible for liaising between the Cyber Security team and the rest of the company and executing the requirements and strategy of the Chief Information Security Officer. You are an experienced security professional who is passionate about executing impactful and highly critical security initiatives.

The ideal candidate will possess a deep understanding of cyber security principles, risk & vulnerability management, and the technical nuances of production SaaS environments. 

You’ll pursue continuous improvement to help Mindbody achieve its mission: Powering the world’s fitness and wellness businesses and connecting them with more consumers, more effectively, than anyone else. 

You will

• Work closely with leaders and individual contributors across our business units to integrate security best practices into all phases of the SDLC, ensuring that products are designed and built with security in mind 
• Collaborate with technical teams to develop and implement effective vulnerability mitigation strategies 
• Coordinate with Cyber Security department heads such as Product Security, Risk, and Security Operations to ensure their initiatives are communicated to and coordinated across the business 
• Act as a liaison between the Cyber Security team and the business units, fostering strong relationships and ensuring that security considerations are prioritized in business decisions 
• Be actively involved in cyber security strategic direction while taking the business’s priorities into account 
• Serve as the primary point of contact for security incidents within the business units, coordinating with the broader Cyber Security team to manage and resolve incidents efficiently 
• Identify creative ways to measure and track progress on the team's initiatives and promote learning from both successes and failures to a wider audience  
• Ensure that software development practices comply with relevant security policies and regulations. Prepare for and facilitate internal and external security audits 

About the right team member

 You are an experienced security professional who is passionate about executing impactful and high-quality security initiatives. You know the best security is created through collaboration and iteration and you're looking for the right opportunity, and the right team, to expand your experience  

You'll thrive in this role with experience in

• Bachelor’s degree in Computer Science, Information Security, or other technical field 
• Proven track record in a role that required liaising between security and technical teams, preferably in a technical or software development context  
• 4-6 years information security and/or technology experience, 1+ year in a similar role 
• Familiarity with cloud security principles, secure SDLC, and familiarity with DevSecOps 
• Demonstrated ability to manage cyber risks, conduct security assessments, and develop mitigation strategies  
• Familiarity with applying MITRE ATT&CK or similar frameworks in enterprise environments  
• Understanding of how compliance frameworks such as PCI DSS and HITRUST impact security design and considerations 
• Strong understanding of information security frameworks (e.g. NIST, ISO 27001, etc.) is highly desirable  

Pay transparency

It is Mindbody’s intent to pay all Team Members competitive wages and salaries that are motivational, fair and equitable. The goal of Mindbody’s compensation program is to be transparent, attract potential employees, meet the needs of all current employees, and encourage Team Members to stay with our organization.

Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to skill set, depth of experience, certifications, and specific work location.

The base salary range for this position in the United States is $106,000 to $159,000. The total compensation package for this position may also include performance bonus, benefits and/or other applicable incentive compensation plans.