Information Security Program Lead
New York City / Remote
Sotheby's
Sotheby's is the premier destination for auctions and private sales of Contemporary, Modern & Impressionist, Old Master Paintings, Jewelry, Watches, Wine, Decorative Arts, Asian Art & more
ABOUT SOTHEBY'S
Established in 1744, Sotheby’s is the world’s premier destination for art and luxury. Synonymous with innovation, Sotheby’s promotes access, connoisseurship and preservation of fine art and rare objects through auctions, private sales and retail locations. Our trusted global marketplace is supported by a network of specialists spanning 40 countries and 50 categories, which include Contemporary Art, Modern and Impressionist Art, Old Masters, Chinese Works of Art, Jewelry, Watches, Wine and Spirits, and Interiors, among many others.
THE ROLE
Sotheby’s Information Security team is undergoing an exciting and strategic transformation and we are looking for a dynamic program lead to join the team. The Information Security team is challenging the industry status quo and is not satisfied doing things “the way they’ve always been done.”
This position will work very closely within Information Security as well as with cross-functional teams to ensure the success of the first-ever information security program at Sotheby’s. The Program Lead is accountable for implementing OKRs and KRIs that track the implementation of the Information Security policy framework and processes that will protect Sotheby’s data.
RESPONSIBILITIES
You will serve as a central point of contact for Information Security & IT and ensure operations and strategy are working as planned. Your main function will be to work with the primary stakeholders and help develop and implement programs that will mature Sotheby’s Information Security and IT Programs. You'll collaborate with product, engineering, and business operations teams to prioritize and manage security & IT initiatives, coordinate work, create new processes and mature existing workflows.
What You Get To Do Every Day:
- Provide support with strategic planning and daily initiatives.
- Act as a key point of contact with IT management, information security management and business unit stakeholders for cybersecurity and IT related projects.
- Assist with program roadmaps and communications disseminated throughout the organization.
- Work in tandem with the CISO and other technology leaders on financial planning and analysis, and additional fiduciary responsibilities.
- Monitor all information security and IT projects and procurement from inception to successful completion, fully understanding the purpose of projects, technologies and their value-add to the organization.
- Work with information security management to help define key performance indicators (KPIs) and metrics that align with business initiatives and deliver to non-technical individuals.
- Support security governance process across the business in conjunction with an information security steering committee and advisory board.
- Provide effective, hands-on technical program management to drive completion of initiatives across multiple business functions.
IDEAL EXPERIENCE & COMPETENCIES
- 5+ years of relevant work experience in Information Security, or Information Risk project/program management
- Bachelor’s Degree
- Experience with SAP, cloud platforms (AWS, Azure, GCP, Salesforce), SaaS, SSO (Okta, OAuth, etc.), CASB, DLP, vulnerability management software
- Prior experience with technical business applications, knowledge of IT infrastructure and IT risks and controls preferred
- Knowledge of IT regulatory and compliance requirements strongly preferred
- Desired certifications, one or more of the following: CISSP, CISM, CISA, CIA, CRISC.
Preferred Experience:
- Has knowledge of information security frameworks, best practices, and regulations (GDPR, PCI, CIS, NIST CSF, etc.)
- Possesses one or more Information Security certifications (CISSP, ISA, ISACA, SANS, etc.)
- Has public cloud (AWS/Azure/GCP) information security experience
- Leads with a growth mindset and questions the information security status quo & ‘security theater’ that may be found elsewhere
- Has one or more relevant professional certifications (CISSP, SANS, CISM, or other) and will continue to grow and achieve professional goals.
- Has demonstrated successful experience in a related area, such as security engineering or operations, management consulting, or management and has the ability to discuss and articulate more technical and complex security topics (in addition to risk management concepts and the process of risk assessments).
- Has confidence in their expertise, but also knows who to look to for help. Achieving greater skill sets and expanding their understanding of security control techniques should be an on-going goal.
- Understands they must gain experience in other areas of technical or operational engineering. Ongoing education to maintain their certs and challenge their expertise will motivate this person.
- Understands workload management including understanding and seeking help prioritizing. They help others on the team that may need their leadership, but their leadership qualities enable them to also lead people outside of their team or department.
- Is able to communicate reports to coworkers in any department and help them understand proper information security controls, especially non-technical teammates.
- They help coworkers figure out good security controls without compromising ethics or introducing unacceptable risk.
To view our Candidate Privacy Notice for the US, please click here.
To view our Candidate Privacy Notice for the UK, Hong Kong, France and Switzerland, please click here.
The Company is an equal opportunity employer and considers all applicants for employment without regard to race (including, without limitation, traits historically associated with race, such as natural hair, hair texture, and protective and treated or untreated hairstyles), color, creed, religion, sex, sexual orientation, marital or civil partnership/union status, national origin, age, disability, pregnancy, genetic predisposition, genetic information, reproductive health decision, sexual orientation, gender identity or expression, alienage or citizenship status, domestic violence victim status, military or veteran status, or any other characteristic protected by federal, state/province or local law. The Company complies with applicable state and local laws prohibiting discrimination in employment in every jurisdiction in which it operates.
Tags: AWS Azure CIA CISA CISM CISSP Cloud Compliance CRISC GCP GDPR Governance ISACA IT infrastructure KPIs NIST OKR Okta Privacy Risk assessment Risk management SaaS SANS SAP SSO Strategy Vulnerability management
Perks/benefits: Career development