Director, Information Security

Company: The Great Courses
Location: Chantilly
Posted on: June 19, 2022

Job Description:

Company Overview

Wondrium is the premier entertaining and educational video subscription service that enriches your overall life experiences with approachable, comprehensive, and illuminating content. It's a museum for your mind, an institution for your imagination, and a gallery for your personal genius. We search far and wide to bring you trusted, respected, and inspiring experts and nonfiction storytellers, who have collectively led over 6,000 hours of video courses, documentaries, and series. Your brain is going to love this place.

Summary

Wondrium is seeking a qualified candidate for our Director of Information Security role. This role will report to the Vice President, Technology Services.

In this role, you will be responsible for the development, implementation, and maintenance of information security and business continuity programs and activities. You will also be the subject matter expert to all security stakeholders, and ensure that processes, controls, and documentation are adequate to protect Wondrium from existing risks, as well as from potential new threats.

This individual will lead security initiatives and the implementation of technology, process, and procedures in various domains including endpoint protection, cloud infrastructure protection, event monitoring, vulnerability management, configuration management, and incident response.

In addition, the role will be responsible for assuring proper security assessments (i.e. leading pen-testing, architecture/configuration reviews, threat modeling) take place, identifying process maturity improvements, supporting information security objectives on in-flight projects, and driving remediation. The ideal candidate must be a high-performer with a passion for information technology automation, and someone who can work collaboratively with staff to execute Wondrium's Information Security program.

This role will be instrumental in building an Information Security Team for Wondrium.

Essential functions. Other duties may be assigned:

* Develop and execute on tactical and strategic goals driving a comprehensive information security program
* Communicate information security policies, standards and guidelines across the company, clients, and prospects
* Provide regular reporting on the current status of the information security program to the Executive Team as part of a strategic risk management program
* Support client and prospect due diligence questionnaires and interviews
* Create, communicate and implement a risk-based process for vendor risk management
* Oversee ongoing penetration, vulnerability, disaster recovery, and data breach testing and client-facing security documentation management processes
* Collaborate with DevOps and IT Operations to mitigate vulnerabilities, implement security controls, and draft and maintain company security policies
* Collaborate with VP of Technology Services on product security and roadmaps
* Lead compliance efforts such as PCI, CCPA, GDPR, CPRA.
* Participation with Sales and Legal in vendor contract negotiations

Work Environment

This is a remote position with possible in-office attendance as requested by management

Physical Demands

The physical requirements of this position are described as sedentary work. Sedentary work involves:

* Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects
* Keying
* Talking
* Sitting most of the time
* Walking and standing are required only occasionally

Required Education and Experience

* BS/MS Computer Science and 8+ years of experience in a combination of risk management, information security and IT Leadership roles.

OR
* 10+ years managing/operating in a secure e-commerce environment. Must have experience creating/implementing security policies across all aspects of the technical business environment.
* Proven track record and demonstrated leadership in developing information security policies, standards, and procedures
* Knowledge of Cloud Security best practices and tools such as security group management, developer account management, secure deployment models, AWS-Well Architected, CSA-CCSK , etc
* Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
* Hands-on security professional & technologist with experience securing web services running in a public cloud environment (AWS, GPC, Azure)
* Strong knowledge of various security technologies such as vulnerability management, AV/EDR, IDS/IPS, SIEM, VPN, DNS, firewalls, proxies, etc
* Commitment to data privacy, and experience with Privacy by Design frameworks
* Experience (or strong interest) in working in a fast-paced environment
* Pursuit of or interest in Industry certifications such as CISSP, CISM, CISA, CCSK+, CCAK, ACSP

Preferred Education/Experience

* MIS or related field and MBA is a plus

Affirmative Action/EEO statement

Wondrium provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Keywords: The Great Courses, Chantilly , Director, Information Security, Executive , Chantilly, Virginia