Director of Information Security
Cambridge, MA
Wistia
Wistia is the video marketing platform for business. Create, host, market, and measure video content with our collaborative tools, and thrive with video.
Wistia is looking for a Director of Infosec to ensure that we're building a product and organization that's secure by design, as we make business more human with a suite of video-focused innovations.
Responsible disclosure: we think about security a bit differently at Wistia. We're not looking for someone to implement a bunch of best practices and police them, nor a risk eliminator, nor a formal authority who checks a box. We're looking for someone who will think critically about our business goals to determine the most risk-appropriate ways to achieve them; a pragmatist who takes security seriously while acknowledging that policies and practices have real tradeoffs; a thoughtful expert who knows that certifications and industry standards are no substitute for deep contextual understanding and sound judgment.
As Director of Infosec, you will be responsible for ensuring we:
- Educate our employees -- at all levels -- with helpful and relevant security and data privacy trainings.
- Vet vendors, subprocessors and any other third parties who may handle sensitive data on our behalf.
- Derive maximal benefit from white hat security researchers via bug bounties and other programs.
- Have clear, practical processes for handling breaches, data loss, and natural disasters.
- Proactively monitor for and respond to urgent issues and CVEs that would otherwise put us at risk.
- Design, codify, and implement a company security policy that protects us while enabling us to achieve our goals.
- Understand our customers’ security concerns, and address them through action or explanation.
You will work with our most senior leaders to help drive strategic discussions like:
- Whether and when we should become SOC2 compliant.
- How to manage devices in a way that provides both privacy for employees and security for the company.
- What forms of background checks are most appropriate, relevant, and helpful, given Wistia's needs and risks.
You'll fit in great for this role if you:
- Take pride in enabling others to meet their goals in ways that are secure by design.
- Are a creative problem solver and first principles thinker.
- Are adept at identifying flawed assumptions, and proactive but courteous in pointing them out.
- View security as a company-wide concern, not just an IT or engineering problem -- and are excited to help everyone at Wistia understand this.
- Would feel incredibly proud to look back on a year's work, and have leveled up all employees' understanding of security concerns that are relevant to their respective areas.
- Understand the importance of communicating the "why" behind security work (it's much easier to change behavior by showing folks how a policy is helpful, than it is to merely insist that it is helpful).
- Are familiar with consumer privacy regulations (GDPR, CCPA, etc.)
You won't be a fit for this role if you:
- View security as being largely about policing -- pushing back, clamping down, needing to approve things, etc.
- Rely on formal authority to get groups to arrive at appropriate decisions.
- Can't cite examples of recommendations you've made that go against common industry practices.
Your success will be assessed according to:
- Fulfillment of the items you're responsible for, as mentioned above.
- Helping drive the strategic discussions mentioned above, by bringing clarity of costs, benefits, and tradeoffs therein.
- Identifying our strengths, weaknesses, opportunities, and threats as they pertain to security and privacy, and building a sensible roadmap to make progress on them.
- Whether stakeholders can do their jobs with improved awareness and confidence in the security aspects of their decisions.
About Wistia
We try to ensure Wistia is an inclusive and diverse place where everyone feels happy, fulfilled, respected, comfortable, and welcome. We’re proud to be an equal opportunity workplace. We care a lot, so our benefits are actually benefits, not just the fun stuff like swag and snacks in the office (though we also have lots of those too!).
We know the biggest investment we can make is in our employees, so we provide:
- A great compensation package
- 401k with 3% company contribution, regardless of whether you contribute
- Profit Sharing!
- Stock Options
- Flexible hours
- Fully paid healthcare coverage for you and your family (including dental) and a healthcare FSA
- Up to 16 weeks paid family leave
- Flexible vacation and sick leave
- Transportation subsidies
Location/Remote Opportunities
Wistia is a hybrid in-person/remote company. Engineers can work from our beautiful office in Cambridge, MA, or anywhere in the continental US.
Perks/benefits: 401(k) matching, Equity, Flex hours, Flex vacation, Team events