Head of Information Security

Summary

MathWorks has a hybrid work model that enables staff members to split their time between office and home. The hybrid model provides the advantage of having both in-person time with colleagues and flexible at-home life optimizations. Learn More: https://www.mathworks.com/company/jobs/resources/applying-and-interviewing.html#onboarding.

Responsible for the strategic and technical leadership and direct management of MathWorks’ Information Security team, overseeing the company’s corporate security. Provides operational direction to ensure protection of data, infrastructure, and physical assets, while maintaining compliance with industry regulations and internal standards.

Partners closely with Product Security team to align strategies, share expertise, and collectively meet MathWorks’ overarching security and compliance objectives. Collaborate with senior leadership to define acceptable risk levels and implement practices to meet cybersecurity policies and standards. Must possess deep technical expertise and be hands-on in defining, selecting, and validating security technologies and architectures.

MathWorks nurtures growth, appreciates inclusivity, encourages initiative, values teamwork, shares success, and rewards excellence.

Responsibilities

Strategic Leadership

• Develop and implement a cybersecurity vision and strategy aligned with business objectives and regulatory requirements.
• Lead a comprehensive cybersecurity program for confidentiality, integrity, availability, safety, privacy, reliability, and resilience of information assets.
• Identify and mitigate risks related to non-IT-managed technology (“citizen IT”) and ensure clear ownership of any residual risk.
• Evolve and enforce corporate security policies, best practices, and modern architecture (e.g., Zero Trust, remote work strategies, automated vulnerability management).
• Manage and maintain modern security architectures (e.g., ZTNA, identity-centric access control, cloud-native defenses, vulnerability, and patch management automation).
• Provide strategic guidance on security technology investments, architecture reviews, and risk mitigation initiatives.
• Lead or guide responses to cybersecurity incidents.
  
  

Risk Management

• Chair the Security Risk Review Board, overseeing evaluation, prioritization, and mitigation of security risks.
• Lead decision-making on acceptance of residual risks and communicate strategies to senior leadership.
• Facilitate cybersecurity risk assessment and empower business units to make decisions within risk appetite.
• Manage the organization’s incident response and threat hunting capabilities by leading cross-functional teams, implementing playbooks, and continuously improving detection and response effectiveness.
  
  

Technical Oversight and Security Engineering

• Lead the design, implementation, and continuous improvement of technical security controls across IT, cloud, and development environments.
• Collaborate and develop enterprise-wide standards for identity and access management, network segmentation, endpoint protection, encryption, logging, and monitoring.
• Collaborate with software engineering and infrastructure teams to embed security principles and controls into architectures, systems, and development processes (“secure by design”).
• Partner with Engineering, IT, and business leaders to embed “shift-left” security into infrastructure, CI/CD pipelines, and operations.
  
  

Compliance and Framework Oversight

• Ensure compliance with global security and data privacy regulations (GDPR, CCPA, ISO 27001).
• Provide regular reporting on cybersecurity programs and compliance status to senior leadership.
• Maintain external partnerships with industry peers, agencies, and law enforcement to stay ahead of emerging threats.
  
  

Training and Awareness

• Direct creation of targeted cybersecurity awareness training for all employees, contractors, and system users.
• Establish metrics to measure training effectiveness, and ensure employees, contractors, and system users.
  
  

Minimum Qualifications

• A bachelor's degree and 20 years of professional work experience (or equivalent experience) is required. 8 years management experience is required.
  
  

Required

Additional qualifications

• Bachelor’s degree in computer science, Engineering, or related field in a related field.
• Experience leading risk management and security assessments.
• Strong understanding of security frameworks (ISO 27001, NIST) and privacy regulations (GDPR, CCPA).
• Technical background in enterprise/cloud security architecture, network/system hardening, identity management, secure software development.
• Proven experience leading the end-to-end response to major security incidents including triage, containment, recovery, stakeholder communication, and post-incident remediation.
• Ability to work three or more days in the Natick office (MathWorks is a hybrid workplace).
  
  

Preferred

• Master’s or equivalent experience preferred.
• 25 years’ experience in information security/cybersecurity, with at least 10 years in management, building, and scaling security teams.
• Experience with AWS, Azure, or similar cloud environments.
• Experience in regulated industries (aerospace, automotive, software).
  
  

Key Leadership Behaviors

• Strategic Thinking: Design and implement long-term security initiatives.
• Technical Leadership: Engage directly with engineers, architects, and IT operations.
• Risk Management: Assess risks, lead mitigation strategies, and make recommendations on risk acceptance.
• Collaboration: Lead cross-functional teams and build strong relationships.
• Change Management: Drive organizational change in security practices and culture.