Director of Information Security
Posted 2 months ago
As the leading independent modern media company, Vox Media ignites conversations and influences culture. Across digital, podcasts, TV, streaming, live events, and print, we tell stories that affect our audience's daily lives and entertain as much as they inform.
Our portfolio features influential and respected editorial properties including Vox, New York Magazine, The Verge, The Cut, Eater, Vulture, The Strategist, Polygon, SB Nation, Intelligencer, Curbed, Grub Street and Recode. Off-platform, the Vox Media Podcast Network offers one of the largest collections of popular podcasts, and Vox Media Studios produces and distributes the award-winning nonfiction shows. Powered by innovative technology that scales quality, the Chorus publishing platform and Concert advertising marketplace answer the always-changing needs of modern audiences, creators and marketers.
Vox Media has been named one of Fast Company’s “Most Innovative Companies in Media,” an Inc. “Company of the Year,” Digiday’s “Best Company for Parents,” and one of the Best Places to Work for LGBTQ Equality by the Human Rights Campaign.
About the role:
As Director of Information Security, you will be responsible for setting information security strategy, policy, standards, and risk management processes for both internal Corporate IT and Product offerings. The ideal candidate is expected to consistently provide excellent customer service to all employees and visitors to the Vox Media office. As Vox Media continues to grow, our Director of Information Security will play an essential role in enhancing the security and quality of Vox Media’s information assets. This role will report to the VP of IT, InfoSec, and Media Technology.
What you’ll do:
- Assess the security of Vox Media (VM) computers, networks, and data, as well as that of personal workstations that access and/or store data
- Review existing security mechanisms and policies
- Maintain regular contact with department liaisons to advocate and enforce best practices regarding the security of data and systems
- Partner with our Corporate Security and Legal teams to design and implement a risk and compliance roadmap and IT governance structure
- Ensure confidentiality, integrity, and availability of data at rest and in transit
- Work with Corporate Security personnel, IT, and Product team to establish, implement and maintain an information security program that supports VM’s use of information technologies in a distributed environment
- Coordinate the selection, installation, implementation, testing, and administration of information security software packages that will protect and monitor the integrity of data, application programs, computer operating systems, and communications networks
- Develop procedures to handle routine and crisis situations, including both operational, day-to-day 'Incident' response activities as well as unique, critical emergencies
- Organize a task force when necessary and acts as technical lead in investigations
- As necessary, work with Corporate security and law enforcement agencies to investigate security breaches
- Promote information security awareness to Editorial, department heads, and leadership, especially in regard to local, state, and federal regulatory conditions and changes affecting VM.
- Advise the Corporate security team and leadership with timely intelligence on security issues and/or events
- Oversee the periodic reviews of existing security awareness programs to ensure desired effectiveness
- Sponsor and conduct security lectures and training programs for the purpose of raising the awareness of responsibility to safeguard data entrusted to them
- Write position papers pertaining to data security
- Consult with the VM user community to learn and understand the spectrum of current and future security requirements to assist in security needs assessment of data and systems, and to coordinate effective centralized and distributed responses for these needs
- Perform risk analysis of new technologies
- Develop plans and budgets to meet these needs and requirements
- In conjunction with the Internal and external auditors, perform periodic audits to assure compliance with security policies and standards; and recommend enhancements in such areas as personnel, communication networks, data access, and confidentiality
What you’ll bring:
- Bachelor's Degree in Computer Science or related field
- 3+ years of experience as a leader in corporate Information Security
- 6+ years of experience in Information Security in a medium to a large company
- 10+ years of relevant work experience across product and IT organizations, including incident response, information privacy, security architecture and operations, disaster recovery, and access management
- Strong written and verbal communication and presentation skills
- Effective organizational and program management abilities
- Ability to cultivate strong and trusting relationships across Vox Media and its networks, at times with either the most vulnerable or most senior stakeholders
- Knowledge of and perspective on information security tools, current trends, and hot-spots
- An existing information security network you can leverage and benchmark with to ensure appropriate solutions are in place
- Experience with cloud and/or SaaS security best practices
- Experience implementing compliance programs addressing regulations including ISO, SOC, SOX, FIPS, PCI, and FISMA
- Industry certification (CISA, CIA, CISSP, CPA ), CISSP and CISM strongly preferred
- Media company experience preferred
- Experience leading information security at a high-growth start-up company preferred
About working at Vox Media:
This is a permanent, full-time position with excellent benefits—including flexible hours and generous parental leave. Vox Media strives to provide comprehensive healthcare options for our employees and to ensure that our healthcare and other benefits are LGBTQ-inclusive. You'll be joining a group of focused, hard-working, creative people who are passionate about doing work that's challenging and fun—and who strive to maintain a healthy work/life balance.
Vox Media is committed to building an inclusive environment for people of all backgrounds and everyone is encouraged to apply. Vox Media is an Equal Opportunity Employer and does not discriminate on the basis of race, color, gender, sexual orientation, gender identity or expression, religion, disability, national origin, protected veteran status, age, or any other status protected by applicable national, federal, state, or local law.