Director, Information Security
Long Beach, CA
Zwift
Zwift is virtual running and cycling training. Exceed your goals and compete with other athletes from around the world. With structured workouts and group rides with others.
Seniority Level: Director
Location: Long Beach, CA / Remote US
About the role and about You:
At Zwift IT, we are constantly improving our security posture. Currently, we are looking for a Director, Information Security to be a key member of the IT Leadership Team. This role is critical to leading and transforming our security programs to keep up with the threat landscape and to partnering across Zwift in this critical area. The candidate is expected to have broad practical implementation knowledge of designing and running information security programs, building and scaling large security capabilities, and working across organizational boundaries and with executive leadership to shape the security strategy to ensure we keep our promises to customers in every interaction.
The Director of Information Security will drive and support the security policies, practices, procedures, and technologies required to ensure the protection of our networks, systems, applications, data, and products. S/he will ensure operational risk management efficiencies are achieved across the enterprise and will develop, document, and operate controls maximizing risk mitigation, which are compliant with target industry regulations including ISO27K/NIST CSF, PCI DSS, SOX, GDPR, and CCPA.
To be successful, you are not only great at defining a vision but equally great at executing it. This position will report directly to the Vice President of Information Technology.
What you’ll do:
- Establishes and maintains the Enterprise Security vision, strategy, and program to ensure information assets and technologies are adequately protected
- Provides leadership to develop and execute an enterprise information security strategy and roadmap. Aligns with enterprise business strategy, gains executive approval and support, and oversees the successful execution
- Works with Zwift development and infrastructure teams to identify and remediate application and infrastructure related vulnerabilities
- Ensures Identity and Access reviews are performed periodically and follows through on findings and remediations
- Develops and employs an ongoing information security communications, training, and awareness program tailored to the evolving needs of the business and specific requirements of various user groups.
- Defines Objectives and Key Results (OKRs), strategic risk indicators, and metrics/scorecards to understand current health and drive insights into future focus areas for the team before issues occur/risks are realized.
- Prepares, maintains, and communicates security procedures and documentation including incident response procedures
- Collaborates cross-functionally, including with engineering, legal, product, and IT teams, to build and strengthen information security and privacy across our service and infrastructure
- Responsible for security operations including threat prevention, detection, and incident response strategy to include a formalized incident response process, declaring security incidents, coordinating and assisting in the investigation of potential incidents, assisting in the recovery from attacks, coordinating with legal, compliance, and other stakeholders, law enforcement agencies (where applicable), and developing the post-response control strategy
- Works closely with and provides technical expertise to compliance, business units, and supporting departments in the implementation, certification, and maintenance of compliance standards (e.g., NIST CSF/800-171/CMMC, ISO 27001/ISO 27701, SOX, PCI DSS, GDPR, CCPA, etc.)
- Develops, trains, and mentors the Information Security team to grow their technical and professional capabilities
What you'll have:
- Bachelor’s degree in Computer Science, Information Systems, Engineering, or related technical field
- 8+ years of experience in a combination of information technology & security, and IT risk management
- 8+ years of leadership experience in information security policy, standards, architecture, technology, and programs
- Experience with multiple Information Security domains, such as Infrastructure Vulnerability, Data Loss Prevention, End User Security, Network Security, Internet Security, Application Security, Cloud Security (AWS), Identity & Access Management, etc.
- Experience with security products from a variety of vendors (firewalls, intrusion detection systems, vulnerability scanners, multi-factor/strong authentication technologies, SIEM, CASB, logging, penetration testing software, etc.)
- Knowledge and understanding of relevant legal and regulatory requirements, such as GDPR, SOX, PCI/DSS, ISO/IEC 27001, and NIST security principles
- Proven and demonstrated successful experience delivering results in the following areas of IT Security: Identity and Access Management (IM), Application, Cloud and Data Security, Information Governance Risk & Compliance (GRC), Security Operations
- Must have a track record of developing and implementing a comprehensive strategy and plan for managing information security
- Exceptional program and project management skills
- Strong written/oral communication skills required along with the desire and ability to communicate with business leaders at all levels of the organization
- Strong analytical and problem-solving skills
Bonus points:
- One or more relevant certifications preferred (CISSP, CCSP, CISA, or CISM)
- Cloud Engineering or Security Certification preferred - AWS Certified DevOps Engineer, AWS Certified Security, or similar certifications
- Experience with Docker, Open Container Initiative, Kubernetes, or similar is a big plus.
How to stand out among the rest:
Your resume/CV is enough to show off your skills, accomplishments, and experience. However, if you choose to include a cover letter introducing us to your awesome personality, we will read that too.
Values:
Of course, we are nothing without our values. Our values ground us. They ensure we run and build a company where people love to work, feel like they are welcomed, included, and belong. Only then can they thrive and do their best work. The values we strive to live every day are:
- Make It Fun
- Elevate Teammates
- Cultivate Our Community
- Always Level Up
- One Zwift for All
We strongly believe that different backgrounds and ideas are a competitive advantage; we hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. Zwift is proud to be an Equal Opportunity Employer. If you have a disability or special need that requires accommodation, please let us know by emailing careers@zwift.com.
Zwift, Inc. is an Equal Opportunity Employer.
Tags: Application security AWS CCPA CCSP CISA CISM CISSP Cloud CMMC Compliance Computer Science DevOps Docker Firewalls GDPR Governance IAM Incident response Intrusion detection ISO 27001 Kubernetes Network security NIST OKR PCI DSS Pentesting Privacy Risk management Security strategy SIEM Strategy Vulnerabilities