Director of Information Security
Wistia is looking for a Director of Infosec to ensure that we're building a product and organization that's secure by design, as we make business more human with a suite of video-focused innovations.
Responsible disclosure: we think about security a bit differently at Wistia. We're not looking for someone to implement a bunch of best practices and police them, nor a risk eliminator, nor a formal authority who checks a box. We're looking for someone who will think critically about our business goals to determine the most risk-appropriate ways to achieve them; a pragmatist who takes security seriously while acknowledging that policies and practices have real tradeoffs; a thoughtful expert who knows that certifications and industry standards are no substitute for deep contextual understanding and sound judgment.
As Director of Infosec, you will be responsible for ensuring we:
- Educate our employees -- at all levels -- with helpful and relevant security and data privacy trainings.
- Vet vendors, subprocessors and any other third parties who may handle sensitive data on our behalf.
- Derive maximal benefit from white hat security researchers via bug bounties and other programs.
- Have clear, practical processes for handling breaches, data loss, and natural disasters.
- Proactively monitor for and respond to urgent issues and CVEs that would otherwise put us at risk.
- Design, codify, and implement a company security policy that protects us while enabling us to achieve our goals.
- Understand our customers’ security concerns, and address them through action or explanation.
You will work with our most senior leaders to help drive strategic discussions like:
- Whether and when we should become SOC2 compliant.
- How to manage devices in a way that provides both privacy for employees and security for the company.
- What forms of background checks are most appropriate, relevant, and helpful, given Wistia's needs and risks.
You'll fit in great for this role if you:
- Take pride in enabling others to meet their goals in ways that are secure by design.
- Are a creative problem solver and first principles thinker.
- Are adept at identifying flawed assumptions, and proactive but courteous in pointing them out.
- View security as a company-wide concern, not just an IT or engineering problem -- and are excited to help everyone at Wistia understand this.
- Would feel incredibly proud to look back on a year's work, and have leveled up all employees' understanding of security concerns that are relevant to their respective areas.
- Understand the importance of communicating the "why" behind security work (it's much easier to change behavior by showing folks how a policy is helpful than it is to merely insist that it is helpful).
- Are familiar with consumer privacy regulations (GDPR, CCPA, etc.)
You won't be a fit for this role if you:
- View security as being largely about policing -- pushing back, clamping down, needing to approve things, etc.
- Rely on formal authority to get groups to arrive at appropriate decisions.
- Can't cite examples of recommendations you've made that go against common industry practices.
Your success will be assessed according to:
- Fulfillment of the items you're responsible for, as mentioned above.
- Helping drive the strategic discussions mentioned above, by bringing clarity of costs, benefits, and tradeoffs therein.
- Identifying our strengths, weaknesses, opportunities, and threats as they pertain to security and privacy, and building a sensible roadmap to make progress on them.
- Whether stakeholders can do their jobs with improved awareness and confidence in the security aspects of their decisions.
We try to ensure Wistia is an inclusive and diverse place where everyone feels happy, fulfilled, respected, comfortable, and welcome. We’re proud to be an equal opportunity workplace. We care a lot, so our benefits are actually benefits, not just the fun stuff like swag and snacks in the office (though we have lots of those too!).
We know the biggest investment we can make is in our employees, so we provide:
- A great compensation package
- 401k with 3% company contribution, regardless of whether you contribute
- Profit Sharing!
- Stock Options
- Flexible hours
- Fully paid healthcare coverage for you and your family (including dental) and a healthcare FSA
- Up to 16 weeks paid family leave
- Flexible vacation and sick leave
- Transportation subsidies
Wistia is a hybrid in-person/remote company. Engineers can work from our beautiful office in Cambridge, MA, or anywhere in the continental US.