Director, Cyber Security

United States

Applications have closed

Guild Education

Guild transforms education & skilling into a strategic talent advantage, improving recruitment, retention, mobility, & diversity.

For other positions, some roles may be based outside of our Denver office (as stated in the Job Title). Roles based outside of our Denver office can sit in any of the following 28 states: AZ, CA, CO, CT, DC, FL, GA, ID, IL, KS, MA, MD, MI, MN, NC, NJ, NV, NY, OH, OR, PA, SC, TN, TX, UT, VA, WA, and WI. Please only apply if you are able to live and work full-time in one of the states listed above. State locations and specifics are subject to change as our hiring requirements shift.

----

At Guild, we uphold our Core Values in everything we do.  Our team emphasizes our Core Values in the following ways:
  • Nurture A Learner’s Mindset - using a combination of feedback and reflection to gain productive insight into personal strengths and development areas
  • Build Shared Success - building partnerships and working collaboratively with others to meet shared objectives
  • Be an Owner - holding self and others accountable to meet commitments
  • Create Belonging - recognizing the value that different perspectives and cultures bring to our company

You will be a leader within our application security team. The goal of Guild Education’s application security program is to ensure that software engineering teams across the company are enabled to securely design, build, test, and maintain the applications that power our business. Our guiding principle is to pave roads and enable our engineers to deliver secure software with minimal friction, supporting their work across the entire Secure Development Lifecycle (SDL). We take a customer-service oriented approach to support, mentor, and empower our engineers to do the right things without friction or slowing them down.

We feel passionately about equal pay for equal work, and transparency in compensation is one vehicle to achieve that. Total compensation for this role is market competitive, including a base salary range of $190,000-$220,000 as well as company stock options.

As a Director of Risk and Privacy, you will:

  • Drive the implementation of high-impact projects crafted to operationalize Cyber Security Operations and AppSec commitments
  • Partner closely with our privacy, risk, compliance, product, software engineering, information technology and other business teams on cyber and application security and data security-related matters, emphasizing the importance of privacy while delivering practical and business-minded legal advice
  • Develop and automate processes to scale efficiencies for Cyber Security and AppSec controls
  • Develop and iterate on Cyber Security and AppSec policies, procedures and guidelines
  • Work collaboratively and lead multi-functional projects related to Cyber Security and AppSec and privacy by design
  • Improve and mature Cyber Security and AppSec practices across the enterprise through the development of requirements defined in standards and procedures
  • Lead and report out on key Cyber Security and AppSec controls
  • Develop Cyber Security and AppSec metrics and monitoring, reporting, and insights
  • Provide Cyber Security and AppSec consultation to lines of businesses and staff groups on conducting threat assessments, developing mitigation plans, handling operational losses, compliance management, and other risk management and control activities
  • Lead all aspects of Cyber Security and AppSec awareness and the Security Champions program
  • Lead the vulnerability management program for both cloud infrastructure and software development
  • Own the ongoing prevention and detection of attacks against both the primary applications and the office environments
  • Point out common areas in web and mobile applications to software engineering leadership where developers need to be particularly conscious of security risks; provide clarity on how to mitigate the risk on common web stacks
  • Understand emerging threats and provide risk reduction strategies for Guild
  • Identify, measure, manage, and fill tactical and strategic intelligence gaps at each level through circumspect analysis and fusion of external intelligence from peers and security vendors
  • Experience with AWS Well Architected, ISO 27001, NIST 800-53 preferred

Responsibilities:

  • Improve and conduct threat models on existing and new applications and services
  • Develop and lead threat modeling training, workshops, and collaborative sessions for a wide array of cloud-based products and services. 
  • Champion threat modeling practices within the development teams, promoting best industry practices.

Requirements:

  • 10+ years industry experience in secure development/application security and Cyber Security Operations
  • Proficiency in one or more modern programming languages preferred
  • Prior leadership of security design reviews, threat modeling, and defining security requirements
  • Hands-on experience with one or more application security testing tools (SAST, SCA, IAST, DAST)
  • Intimate knowledge of OWASP Top 10 Vulnerabilities, mitigations, and their impact on application architecture
  • Hands-on experience with rapid risk assessment and threat modeling in an agile environment
  • Hands-on experience with DevOps CI/CD tools such as Circle CI, GitHub Actions
  • 6+ years experience in web application security and SSDLC practices
  • Excellent engineering-level understanding of web applications, web servers, layer 7 application technologies

Preferred Qualifications:

  • Solid understanding of AWS Well Architected Framework and Cloud native application development standard methodologies
  • Experience with securing containers, kubernetes, and AWS Lambda functions
  • Experience with OWASP Application Security Verification Standards (ASVS)
  • Experience with AWS Serverless Application Model (SAM)
  • Experience with infrastructure as code scanning tools
  • Hands-on work in both ECS and Kubernetes cluster deployment
  • Hands-on experience in microservices architecture and security controls in such environments
  • Prior experience in defining and driving the creation of a security champions program

Other Soft skills:

  • You are a superb communicator who can explain technical issues and risks to a broad, non-technical audience.
  • You work well with engineering, legal, security, devops, product, executives, and others.
  • You tailor your communication style, level of detail, and approach based on the audience.
  • You enjoy working directly with software engineers, including in new languages and tool chains
  • You enjoy being a strong collaborator and can influence technical teams, and you take them along with you.
  • You operate effectively across teams and disciplines even in highly ambiguous situations.
  • You have built inclusive team culture and look forward to doing so again with Guild. 



At Guild, we unlock the talent and economic potential of America’s workforce for employees and their companies. We partner with the nation’s largest employers—including Walmart, Chipotle, Discover, Hilton, Macy’s, Target, and The Walt Disney Company—to create cultures of opportunity that help them attract and retain top talent, while building the workforce of the future from within. By using our proprietary Career Opportunity Platform to develop education and learning programs that work in the real-world, thousands of employees at those companies have gained the skills, knowledge, and guidance they need to build a brighter future for themselves and their families—all without paying for tuition or career services on their own. 

Guild is female-founded and a certified B Corp. The company has been named to the TIME100 Most Influential Companies of 2022 list, CNBC Disruptor50 list three years in a row, Inc. Best Led Companies list, Fast Co. World Changing Ideas list and the B Lab Best for the World list among many others. 

Guild Education is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. If you have a disability or special need that requires accommodation, please let your recruiter know. We currently offer the following benefits:

  • Access to low-cost, high-quality health care options through Cigna and Kaiser (due to coverage limitations, Kaiser is currently only available in CA & CO)
  • Access to a 401k to help save for the future
  • Open vacation policy for employees to rest and recharge
  • 8 days of fully-paid sick leave, to take the time to heal and/or recover
  • Family-friendly benefits, including 12 weeks of parental leave for non-birthing parents and 18-20 weeks for birthing parents; 4-week ramp-up period for when employees return from a leave of 6 weeks or more; as well as employer-paid short-term and long-term disability, employer-sponsored life insurance, fertility and caregiving benefits.
  • Well-rounded wellness benefits including free and low cost mental health resources and financial wellbeing support services
  • Education benefits and tuition assistance to help your future development and growth

Guild requires COVID-19 vaccines for all employees and guests attending Guild events or entering Guild offices. As of February 1, 2022, we will be expanding our in-person vaccination requirement to include booster shots. We will be using both Clear’s Digital Vaccine Card and state-sponsored vaccine passports to verify proof of vaccine. Accommodations or exceptions can be requested for medical or religious reasons.

 

PRIVACY NOTICE

I understand that I am applying for employment with Guild Education and am being asked to provide information in connection with my application.  I further understand that Guild gathers this information through a third-party service provider and that Guild may also use other service providers to assist in the application process.  Guild may share my information with such third-party service providers in connection with my application and for the start of employment.  Guild will treat my information in accordance with Guild’s Privacy Policy.

I have reviewed and agree to Guild’s Privacy Policy as well as the privacy policies of the third-party service providers used by Guild associated with the application process.

Tags: Agile Application security AWS CI/CD Cloud Compliance DAST DevOps GitHub IAST ISO 27001 Kubernetes Lambda Microservices Monitoring NIST NIST 800-53 OWASP Privacy Risk assessment Risk management SAST Vulnerabilities Vulnerability management

Perks/benefits: Career development Competitive pay Equity Fertility benefits Flex vacation Health care Insurance Medical leave Parental leave Startup environment Team events Wellness

Region: North America
Country: United States