Job Description
What You'll Do

As Deputy CISO, you will report directly to the CSO and serve as their strategic and operational right hand. You'll drive day-to-day execution across the security portfolio while leading mission-critical functions for a global SaaS environment - operating fluently at both the engineering and executive layers. We are looking for a cyber executive professional with deep operational security experience, strong engineering instincts, and the presence to operate confidently in the boardroom. You mentor technical teams while shaping enterprise strategy and innovation.

#LI-Remote

What Your Responsibilities Will Be

Operational & Technical Leadership
- Oversee cloud, platform, and network security for a large-scale, distributed SaaS product.
- Evaluate and influence architectural decisions across microservices, APIs, and cloud infrastructure.
- Provide deep technical guidance in areas such as:
  - Network segmentation and secure VPC design
  - Firewall, boundary control, and traffic flow architecture
  - Protocol-level traffic analysis and defensive engineering
  - Secure design patterns and resilient architecture for cloud-native systems
- Assess architectural diagrams and network topologies, challenging engineering decisions with confidence.
- Guide engineering teams on threat modeling, attack surface minimization, and resiliency.

Incident Response & Operational Command
- Lead enterprise-scale incident response, driving real-time decisions.
- Understand root cause, containment strategies, log sources, detection gaps, and kill-chain impacts.
- Direct cross-functional responders during high-severity events.
- Partner with engineering and product teams for fast remediation.
- Communicate clearly with senior executives during critical incidents.

Strategic Security Leadership
- Oversee enterprise risk management, including GRC, vendor risk, and regulatory frameworks (SOC 2, ISO 27001, GDPR, etc.).
- Lead initiatives in AI/ML security, including adversarial testing and the build-out of an AI security testing function.
- Drive cross-functional resilience programs spanning business continuity, disaster recovery, and data lifecycle governance.
- Translate technical risks into operational and business implications for executive stakeholders.
- Influence product, engineering, legal, and risk partners to ensure aligned and scalable security practices.

What You'll Need to be Successful
- 10–15+ years of progressive InfoSec leadership, including VP/Head-of-level responsibility and deep operational oversight.
- Demonstrated success leading cloud-first or cloud-scale security programs, ideally high-risk environments.
- Strong, current technical foundation with an emphasis on network security, including:
  - TCP/IP, routing, firewalls, VPNs, proxies
  - Network and distributed system architecture review
  - Attack path analysis, lateral movement detection, and traffic-level defensive engineering
  - Secure design of large, distributed, cloud-native systems
- Significant incident response leadership, including enterprise-scale, high-severity events and coordination of technical responders.
- Enterprise-level AI/ML security expertise, including hands-on implementation experience, adversarial testing, secure model design, or applied detection use cases — with the ability to lead AI security strategy across product and enterprise.
- Strong command of security frameworks and risk standards (NIST CSF, ISO 27001, SOC 2, PCI, GDPR).
- Engineering mindset and technical pedigree, ideally supported by a STEM degree.
- High-credibility communicator able to influence senior technical leaders and translate complex risks into business-aligned decisions.

Avalara is an AI-first Company

AI is embedded in our workflows, decision-making, and products. Success here requires embracing AI as an essential capability.
- You’ll bring experience using AI and AI-related technologies, ready to thrive here.
- You’ll apply AI every day to business challenges - improving efficiency, contributing solutions, and driving results for your team, our company, and our customers.
- You’ll grow with AI by staying curious about new trends and best practices, and by sharing what you learn so others can benefit too.

How We'll Take Care of You
- Total Rewards: In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.
- Health & Wellness: Benefits vary by location but generally include private medical, life, and disability insurance.
- Inclusive culture and diversity: Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.

What You Need To Know About Avalara

We’re defining the relationship between tax and tech. We’ve already built an industry-leading cloud compliance platform, processing over 54 billion customer API calls and over million tax returns a year. Our growth is real - we're a billion dollar business - and we’re not slowing down until we’ve achieved our mission - to be part of every transaction in the world. We’re bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. We’ve been different from day one. Join us, and your career will be too.

We’re An Equal Opportunity Employer

Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law.
If you require any reasonable adjustments during the recruitment process, please let us know.