Director of Security and Compliance Operations

Information Technology Seattle, Washington Remote - United States


Description

The Company

Join an energetic team in one of the hottest growing sectors in software—cybersecurity. VIPRE Security Group, a part of Ziff Davis (NASDAQ : ZD), is a global, highly rated, award-winning security, privacy and data protection company protecting millions of consumers and businesses supporting some of the largest brands. Backed by cutting-edge machine learning, one of the world’s largest threat intelligence clouds and real-time behavior monitoring, the VIPRE Security Group delivers unmatched protection against today’s most aggressive threats. The group operates under various brands, VIPRE™, STRONGVPN™, IPVANISH™, SafeSend™, Inspired eLearning™, Livedrive™, SugarSync™.

Join our team and help us fight the cybercriminals and protect our customers by delivering innovative solutions that help keep families and businesses and their data, digital identity, employees, websites, emails and applications private and safe.

The Role

Reporting directly to the SVP of Technology, the Director of Security and Compliance Operations will be an innovative, experienced, self-driven manager/leader in the cyber security space that will be able to educate, provide guidance, manage existing information security initiatives and build out the Security and Compliance Operations function within the Vipre Security Group.  This individual will be an enabler and a partner for various departments within the group (Engineering, Product, Network Operations) and without (Legal, Audit, Corporate InfoSec.).

The candidate must also possess a strong hands-on technical- and security- practitioner background and the ability to effectively collaborate with technical staff, understand governance, risk mitigation, and technical controls. As the leader of the Security and Compliance Operations team, this individual will establish and drive effective processes, technical security standards, and appropriate collaboration among teams to ensure the Group maintains its compliance requirements.

Responsibilities

  • Develop, establish, and manage the strategy for the Security and Compliance Operations function
  • Operates as a strategic player/coach in a highly hands-on role with an opportunity to leverage all skills in the security space, including risk management, compliance and regulatory matters such as PCI, GDPR, and SOX.
  • Recruit and manage the Security and Compliance Operations team.
  • Serve as liaison with the corporate Information Security team, oversee Security Incident responses and manage the corporate programs.
  • Direct, oversee and manage security operations including working with the Engineering and Operations teams to establish security architecture that reflect and support business, operational, technical, and compliance objectives.
  • Work with Engineering and Operations teams to secure production environments, and implement systems to monitor and maintain the security of our products in development and production.
  • Establish a regular program to ensure security standards are in force and are effective.
  • The timely review of threat and vulnerability reports submitted to the Group and the creation of processes and action plans to address risks identified by them.
  • Ensure compliance of the Vipre Security Group with respect to the information security policies and compliance framework of Ziff Davis. 
  • Conduct presentations to and collaborate with company stakeholders to raise awareness of security risk management concerns and drive outcomes to improve security posture.
  • Maintain awareness of Information Security industry trends, evaluate solutions and techniques, and remain aware of new and emerging threats.
  • Other duties as assigned.

Qualifications/Requirements

  • Bachelor's degree in related field or equivalent combination of experience and education
  • CISSP, CISM, or other equivalent security certification is a plus
  • 10+ years of technology experience with a minimum of seven years specifically focused in the area of Cyber Security 
  • Demonstrated leadership abilities with team-oriented interpersonal skills; ability to effectively interface with a broad range of people and roles               
  • Recent experience with engineering, implementing & managing Information Security controls in SasS environments preferred.
  • Progressive experience in Information Security management including, managing Information Security team staffing and security programs and projects
  • Hands-on technical experience with compute systems and networks, security solutions (Firewalls, IDS/IPS, SIEM, Vulnerability Assessment Tools), and Secure SDLC Methodologies
  • Working knowledge of modern software development practices, such as SDLC, Agile, SAFe, etc.
  • Working knowledge of common information security management frameworks, such as, PCI, ISO/IEC
  • Understanding of policy frameworks, rules and laws governing public companies, including GDPR and SOX. 
  • Experience performing multifaceted projects in conjunction with routine operational and support activities.
  • Ability to work with full confidentiality and a high level of personal integrity.
  • Excellent verbal and written communication skills, including the ability to draft and deliver technical reports, presentations, and correspondence.
  • Willingness to learn, discover, experiment 
  • Comfort with working solo as well as the ability to build teams
  • Energetic and fast-paced, with low-ego and an open style
  • Must possess problem-solving skills and logical thinking.
  • Organization and prioritization skills are essential.
  • Travel, both domestic and international, may be required, on occasion. The travel will likely be, for the most part, planned ahead of time and will be on a need basis.
#CloudServices
#LI-Remote
#LI-SF1