AppD Information Systems Security Officer (ISSO) / Director of Strategy, Risk & Compliance

  • Location:
    San Francisco, California, US
  • Area of Interest
    Information Technology
  • Job Type
  • Technology Interest
    Cloud and Data Center, Security
  • Job Id

AppD InfoSec, Information Systems Security Officer (ISSO) & Director of Strategy, Risk & Compliance (SRC) 


About Us

AppDynamics is an application performance monitoring solution that provides real-time visibility and insight into applications and their environments. With our unique solution, you can take the right action at precisely the right time with automated anomaly detection, rapid root-cause analysis, and a unified view of your entire application ecosystem, including private and public clouds. Using AppDynamics, you’ll finally align IT, DevOps, Engineering, and the business around the information that helps you protect your bottom line and deliver magnificent customer experiences.


What You'll Do

As ISSO and Director of SRC, you ensure that the AppD FedRAMP Authorization to Operate (ATO) is maintained. More, this leader will also maintain the SOC 2 Type II certification for all of AppD non-FedRAMP cloud offerings. As required by the role, you will continually assess, monitor, enforce, and report on all aspects of Information Security - per applicable NIST 800-53 r5 controls - within the GovAPM offering, our non-FedRAMP cloud offerings. And forward looking, you will be critical in the development of the Security Governance and Business Strategy capabilities within Information Security.  


Who You'll Work With

Reporting to the CISO, you will partner and work cross-functionally with peers across the Product and Engineering organization to ensure our FedRAMP ATO is maintained. This also includes all peer groups within Information Security, within which you will lead the Compliance and Security Business Office teams. And as a key partner to the GovAPM offering team, you will also work within Sales and Marketing. Lastly, given the extent Cisco provides products and services to Public and Federal customers, there will be opportunities to partner with our ISSO peers within WebEx and Meraki.


Who You Are

As ISSO and Director of SRC, you will be expected to deliver to responsibilities leveraging the leadership and technical management experience as listed below.  


Core Responsibilities

  • Continuously assessing and driving the remediation/mitigation of potential NIST 800-53 r5 control risks within the GovAPM offering  

  • Collaborating and proactively designing for NIST 800-53 r5 requirements within all current and future GovAPM features, enhancements, and service releases

  • Collaborating and proactively communicating with the GSA PMO to ensure that all changes to our GovAPM offering is understood and that any/all resulting compliance requirements are understood by all Product & Engineering teams 

  • Leading the Information Security Compliance and Business Office teams to cross-functionally and continuously drive FedRAMP ATO and SOC 2 Type II certification

  • Develop on-going Governance and Risk Management capabilities initially supporting FedRAMP ATO and SOC 2 Type II certification, but extending and expanding across all AppD Products and Services

  • Operationally maintaining and reporting all applicable security and compliance metrics as required by FedRAMP ATO and SOC 2 Type II; but, also for AppD Objectives & Key Results (OKR) and Key Performance Indicators (KPI) reporting

  • Develop technical program/project management capabilities within Information Security leveraging current SGRC resources and in partnership with the Technical Project Management Office 



  • 10+ years of experience within Information Security as GRC lead or lead compliance analyst with demonstrated mastery of technical security controls and their application/operation; you are expected to understand and effectively communicate how AppD IT and InfoSec processes and tools operate (actual or to be implement) to both external auditors and internal control operators; previous experience as an ISSO and operating knowledge of FedRAMP is appreciated but not required

  • 5+ years of leadership/management experience within an Information Security organization; you are expected to technically lead and drive cross-functional (within Product & Engineering) efforts to close potential control issues across the entirety of the AppD operating space, prioritizing those putting the FedRAMP ATO and/or SOC 2 Type II at risk

  • 3+ years of Governance and Risk Management experience; you should be able to capture and present performance data (i.e. metrics) to drive both tactical and strategic remediation/mitigation activities that minimize security and compliance risk

  • Demonstrated ability to provide thought leadership, structured problem solving, and effectively influence cross-functional organizations

  • Adept at balancing intense short-term pressures with overall long-term goals

  • Strong leadership presence, polish, and politically savvy in a matrixed organization

  • Able to convey complex technical concepts in a concise and actionable means to both business and technical leaders

  • Able to drive technical change and implementations alongside engineers and operators 

  • Positive relationship building abilities and player-coach capabilities


Personal Characteristics

You will have a reputation and track record of success as a technical leader with the ability to drive action. You will be strategic and innovative with an external awareness to understand the nuances of selling complex software products. Utilizing a consultative style, you're experienced in teaching and developing team resources to think strategically and act decisively.


You will possess a player-coach ethos that balances delegation, empowerment , and hands-on problem solving that is exercised within and across the team. You should be able to foster a learning culture within the organization and have confirmed teaming skills with peers so that best operating practices are developed and used.


And finally, you should have a level of professional maturity to change and adapt to a high-energy, dynamic environment characterized by high growth expectations and a collaborative culture.