Vice President, Information Security

About Procare For over 30 years, Procare Solutions has been dedicated to empowering early childhood educators by providing products and services that enable them to focus on the care, safety and education of children. We recognize the responsibility that comes with nurturing and educating children, which is why our child care management solutions are designed to automate business processes, help ensure safety and compliance, communicate with families and provide educational resources and training to help teachers and children thrive. Over 40,000 satisfied customers have chosen Procare Solutions as their trusted partner in providing exceptional care for young minds. A Little About the Role The VP Information Security is a senior leader responsible for establishing and executing Procare's enterprise-wide information security strategy, program, and culture. Reporting to the CTO this role will serve as the company's top security leader — translating complex cyber risk into business language, protecting customer data, enabling compliant product growth, and building a world-class security organization. This is an operationally engaged, high-visibility role that blends strategic vision with operational execution. The ideal candidate is a proven security leader who thrives in a fast-moving SaaS environment, understands how security is changing in an AI first world, and can operate confidently in the boardroom while remaining deeply trusted by engineering and product teams. Procare's security organization protects 40,000+ childcare centers and millions of families who depend on our platform daily.

Our program includes:

Mature compliance posture: SOC 2 Type II certified across all products; PCI DSS v4.0.1 Level 1 Service Provider; TX-RAMP authorized Enterprise security tooling: CrowdStrike NextGen-SIEM, Contrast Security/Veracode for application security, Automox for patch management, Barracuda/Abnormal.ai for email security Proactive security culture: Monthly product security meetings, CSIRT incident response team, public trust center (SafeBase), quarterly Security Steering Committee with C-suite participation Parent company support: Member of Roper Technologies family with access to shared security resources, threat intelligence, and enterprise tooling What you'll do: Security Strategy & Leadership

• Define, own, and continuously evolve a multi-year enterprise security roadmap aligned to business objectives, growth stage, and risk appetite
• Serve as the primary security advisor to the executive leadership team, present security posture, risk metrics, and investment cases with clarity Lead a high-performing security organization including Security Operations, GRC, AppSec, and Cloud Security functions
• Champion a security-first culture across the company through education, executive sponsorship, and accountability
• Translate technical risk into business impact using quantitative risk frameworks (e.g., FAIR) to influence budget and strategic decisions
• Navigate Roper Technologies cybersecurity framework, maintaining compliance with mandatory foundational controls and implementing selected optional controls to achieve maturity targets; serve as primary security liaison to parent company
• Establish AI security governance program to evaluate, approve, and manage AI tool adoption across the organization; implement controls for AI-specific risks including data leakage, prompt injection, and model security
• Manage security across diverse product portfolio (5+ applications) with varying technology stacks, customer bases, and compliance requirements; ensure consistent security standards while accommodating product-specific needs
• Build and maintain executive cybersecurity dashboards providing real-time visibility into security posture, risk metrics, and program progress for board, parent company, and executive leadership Cloud & Product Security
• Secure the company's SaaS platform and cloud environments (AWS/Azure/GCP) by driving secure SDLC, vulnerability management, remediation SLAs, and penetration testing programs
• Partner with Product and Engineering leadership to embed security by design — shifting security left into development workflows without impeding velocity
• Oversee Identity and Access Management (IAM), Zero Trust architecture, data encryption, and cloud security posture management (CSPM/CNAPP)
• Define and maintain security standards for APIs, microservices, container security, and third-party integrations Governance, Risk & Compliance (GRC) Own and maintain the company's Information Security Management System (ISMS), risk register, and policy framework Lead and maintain Type II and PCI DSS v4.

0.1 certifications; oversee ISO 27001, TX-RAMP, GDPR, CCPA, and other applicable regulatory frameworks Manage customer security questionnaires, enterprise security reviews, and security-related RFP/procurement processes in partnership with Sales and Legal Develop and enforce vendor and third-party risk management programs to minimize supply chain exposure Ensure compliance with applicable federal, state, and international data privacy and security regulations Manage state-specific compliance programs including TX-RAMP certification with quarterly vulnerability reporting and evidence submission requirements Implement and maintain customer trust center and security documentation portal to streamline enterprise security reviews and RFP processes Lead supply chain security and vendor breach response program; assess impact of third-party compromises and coordinate remediation across affected systems Ensure compliance with child data protection requirements and education sector-specific regulations; implement specialized controls for sensitive family and student information Security Operations & Incident Response Lead a 24/7-capable security operations capability including SIEM, EDR, XDR, and threat intelligence platforms Own the cyber incident response program: detection, investigation, containment, communication, and post-incident review (PIR) processes Test business continuity and disaster recovery plans with cross-functional stakeholders Monitor emerging threat intelligence; proactively brief leadership on ransomware, social engineering, supply chain, and AI-driven threat vectors Lead Zero Trust architecture planning and implementation across corporate and product environments as multi-year strategic initiative: coordinate with infrastructure, network, and identity teams Corporate Security & IT Risk Management Oversee corporate IT security including endpoint protection, patch management, and corporate network security controls Implement enterprise patch management programs using automated tools to ensure timely remediation of vulnerabilities across workstations and servers Direct Active Directory security assessments and identity hygiene programs across all domain instances Ensure MFA enforcement for all privileged accounts and coordinate rollout of authentication requirements for staff and customers People & Organizational Leadership Recruit, develop, and retain a diverse security team including Security Engineers, Analysts, GRC Specialists, and an AppSec function Define team structure, career ladders, OKRs, and budget for the security organization Manage external security vendors, MSSPs, auditors, and counsel relationships Our ideal candidate will have: 12+ years' of progressive experience in information security, with at least 4 years' in a CISO, Deputy CISO, or VP of Security role Proven track record leading security at a B2B SaaS or cloud-native technology company; experience scaling security programs from growth stage to enterprise maturity Deep expertise in cloud security architecture (AWS, Azure, and/or GCP), secure SDLC, and modern threat detection and response Hands-on leadership of SOC 2 Type II and PCI audits; direct experience with

ISO 27001, GDPR, CCPA

Demonstrated ability to communicate security risk to non-technical executives and board members; experience presenting to audit committees or governance boards Experience managing security through enterprise sales cycles including customer trust reviews, penetration test sharing, and security questionnaire programs Track record of building and scaling security teams from the ground up, including hiring, organizational design, and vendor management Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field required; Master's degree or MBA preferred One or more industry certifications strongly preferred:

CISSP, CISM, CCSP, CISA, CRISC, CEH

Executive presence with the ability to build trust at board level and peer-level across the C-suite Strong business acumen — understands how security decisions impact revenue, customer trust, and company valuation Exceptional communication skills: able to explain complex security concepts in plain language to diverse audiences Collaborative, low-ego leader who can influence without authority and build bridges between security, engineering, legal, and sales Resilient under pressure; sound judgment in high-stakes incident scenarios Skilled at managing competing priorities across multiple compliance programs, product teams, and parent company requirements; able to sequence initiatives and communicate trade-offs effectively

Security Technology Experience Core Security Platforms:

Cloud security: Wiz, Orca, Prisma Cloud, or equivalent

CSPM/CNAPP

solutions

Endpoint/XDR:

CrowdStrike, SentinelOne, Microsoft Defender, or equivalent

SIEM/SOAR

CrowdStrike NextGen-SIEM, Splunk, Sumo Logic, or equivalent

Identity/IAM:

Okta, Auth0, Azure AD, or equivalent

Specialized Security Tools:

Email security: Proofpoint, Mimecast, Abnormal.ai, or equivalent next-gen solutions Application security: Veracode, Checkmarx, Contrast Security, Snyk, or equivalent

SAST/DAST

platforms

GRC/Compliance:

Vanta, Drata, OneTrust, or equivalent automation platforms Trust & transparency: SafeBase, Whistic, or equivalent trust center solutions Patch management: Automox, Ivanti, or equivalent endpoint management platforms

Emerging Security Categories:

AI security and governance tools (familiarity with landscape preferred) Zero Trust architecture frameworks and implementation tools

Physical Requirements:

This position works most of the time in a fixed office location and may involve sitting and/or standing for prolonged periods Frequently required to communicate verbally and in writing (mostly email) with customers, prospects, and other employees Use of computer, telephone, and other office equipment for the greater part of the workday Occasional travel may be required for this position Why Procare?

Excellent comprehensive benefits packages including:

medical, dental, & vision plans HSA option with employer contributions Vacation time, holidays, sick days, volunteer & personal days 401K Plan with employer match and immediate vesting Employee Stock Purchase Plan Employee Discount Program Medical, Dependent Care, and Transportation FSA Plans Company paid Short and Long-Term disability and Life Insurance RTD EcoPass for all Denver employees Tuition Reimbursement and continued Professional Development Fast paced, high energy workplace environment in prime downtown location Regular company provided meals Salary $200,000 - $250,000/year DOE Location This position is based in our Denver, CO office. We are currently in a hybrid in-office/remote working model based on business needs. Candidates must be willing and able to work from our Denver, CO office a minimum of 3 days a week.