Director, Information Security

Long Beach, CA

Applications have closed

Zwift

Zwift is virtual running and cycling training. Beat your goals and compete with athletes from around the world, with structured workouts and group rides with others.


Seniority Level: Director

Location: Long Beach, CA/ Remote US

About the role and about You:

At Zwift IT, we are constantly improving our security posture. Currently, we are looking for a Director, Information Security to be a key member of the IT Leadership Team. This role is critical to leading and transforming our security programs to keep up with the threat landscape and to partnering across Zwift in this critical area. The candidate is expected to have broad practical implementation knowledge of designing and running information security programs, building and scaling large security capabilities, and working across organizational boundaries and with executive leadership to shape the security strategy so that we keep our promises to customers in every interaction.

The Director of Information Security will drive and support the security policies, practices, procedures, and technologies required to ensure the protection of our networks, systems, applications, data, and products. S/he will ensure operational risk management efficiencies are achieved across the enterprise and will develop, document, and operate controls maximizing risk mitigation, which are compliant with target industry regulations including ISO27K/NIST CSF, PCI DSS, SOX, GDPR, and CCPA.

To be successful you must not only be great at defining a vision, but equally great at executing that vision. This position will report directly to the Vice President of Information Technology.

What you’ll do:

  • Establishes and maintains the Enterprise Security vision, strategy, and program to ensure information assets and technologies are adequately protected
  • Provides leadership to develop and execute an enterprise information security strategy and roadmap. Aligns with enterprise business strategy, gains executive approval and support, and oversees the successful execution
  • Works with Zwift development and infrastructure teams to identify and remediate application and infrastructure related vulnerabilities
  • Ensures Identity and Access reviews are performed periodically and follow through on findings and remediations
  • Develops and employs an ongoing information security communications, training, and awareness program tailored to the evolving needs of the business and specific requirements of various user groups.
  • Defines Objectives and Key Results (OKRs), strategic risk indicators, and metrics/scorecards to understand current health and drive insights into future focus areas for the team before issues occur/risks are realized.
  • Prepares, maintains, and communicates security procedures and documentation including incident response procedures
  • Collaborates cross-functionally, including with engineering, legal, product, and IT teams, to build and strengthen information security and privacy across our service and infrastructure
  • Responsible for security operations including threat prevention, detection, and incident response strategy to include a formalized incident response process, declaring security incidents, coordinating and assisting in the investigation of potential incidents, assisting in the recovery from attacks, coordinating with legal, compliance, and other stakeholders, law enforcement agencies (where applicable), and developing the post-response control strategy
  • Works closely with and provides technical expertise to compliance, business units, and supporting departments in the implementation, certification, and maintenance of compliance standards (e.g., NIST CSF/800-171/CMMC, ISO 27001/ISO 27701, SOX, PCI DSS, GDPR, CCPA, etc.)
  • Develops, trains, and mentors the Information Security team to grow their technical and professional capabilities

What you'll have:

  • Bachelor’s degree in Computer Science, Information Systems, Engineering, or related technical field
  • 8+ years of experience in a combination of information technology & security, and IT risk management
  • 8+ years of leadership experience in information security policy, standards, architecture, technology, and programs
  • Experience with multiple Information Security domains, such as Infrastructure Vulnerability, Data Loss Prevention, End User Security, Network Security, Internet Security, Application Security, Cloud Security (AWS), Identity & Access Management, etc.
  • Experience with security products from a variety of vendors (firewalls, intrusion detection systems, vulnerability scanners, multi-factor/strong authentication technologies, SIEM, CASB, logging, penetration testing software, etc.)
  • Knowledge and understanding of relevant legal and regulatory requirements, such as GDPR, SOX, PCI DSS, ISO/IEC 27001, and NIST security principles
  • Proven, demonstrated experience delivering results in the following areas of IT Security: Identity and Access Management (IAM), Application, Cloud and Data Security, Information Governance, Risk & Compliance (GRC), and Security Operations
  • Must have a track record of developing and implementing a comprehensive strategy and plan for managing information security
  • Exceptional program and project management skills
  • Strong written and oral communication skills, along with the desire and ability to communicate with business leaders at all levels of the organization
  • Strong analytical and problem-solving skills
Bonus points:

  • One or more relevant certifications preferred (CISSP, CCSP, CISA, or CISM)
  • Cloud Engineering or Security Certification preferred (AWS Certified DevOps Engineer, AWS Certified Security, or similar certifications)
  • Experience with Docker, Open Container Initiative, Kubernetes, or similar is a big plus.
How to stand out among the rest:

Your resume/CV is enough to show off your skills, accomplishments, and experience. However, if you choose to include a cover letter introducing us to your awesome personality, we will read that too.

Values:

Of course, we are nothing without our values. Our values ground us. They ensure we run and build a company where people love to work and feel welcomed, included, and that they belong. Only then can they thrive and do their best work. The values we strive to live every day are:

  • Make It Fun
  • Elevate Teammates
  • Cultivate Our Community
  • Always Level Up
  • One Zwift for All

We strongly believe that different backgrounds and ideas are a competitive advantage; we hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. Zwift is proud to be an Equal Opportunity Employer. If you have a disability or special need that requires accommodation, please let us know by emailing careers@zwift.com.

Zwift, Inc. is an Equal Opportunity Employer.

Tags: Application security AWS CCPA CCSP CISA CISM CISSP Cloud CMMC Compliance Computer Science DevOps Docker Firewalls GDPR Governance IAM Incident response Intrusion detection ISO 27001 Kubernetes Network security NIST OKR PCI DSS Pentesting Privacy Risk management Security strategy SIEM Strategy Vulnerabilities

Region: North America
Country: United States
Category: Leadership Jobs