Director of Information Security
San Francisco, California 94133
Title of Job: Director of Information Security
Company Description: Ecommerce platform
Location: San Francisco
SF-based mega Ecommerce platform is looking for a Director of Information Security to develop security strategies and programs as it continues its accelerated growth. This leader will have a strong background in information security and will take responsibility for the following initiatives:
- Develop an information security strategy aligned with business goals and objectives.
- Align information security strategy with corporate governance.
- Establish a process for information asset classification and ownership.
- Implement a systemic and structured information risk assessment process.
- Identify current and potential legal and regulatory requirements affecting information security.
- Specify the activities to be performed within the information security program.
- Manage internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.
- Ensure that processes and procedures are performed in compliance with the organization’s information security policies and standards.
- Ensure performance of contractually agreed (i.e. with joint ventures, outsourced providers, business partners, customers, third parties) information security controls.
- Develop and implement processes for preventing, detecting, identifying, analyzing and responding to information security incidents.
- Establish escalation and communication processes and lines of authority.
- CISA, CISSP, or CISM certification(s).
- AWS/Cloud experience required.
- B.S. degree or equivalent. Business, Computer Science, Information Assurance, Information Security, or Information Systems a plus.
- Min 7 years of experience in information security, at least 5 years of experience working in an I.S. Security management role in a large, multi-platform I.S. computing environment.
- Deep knowledge of regulatory/compliance requirements.
- Direct support for Security Information and Event Management products and enterprise logging, plus developing and managing correlation rules, filters, trends, and reporting.
- Experience with operation of large enterprise security management tools such as IDS/IPS, DLP, WAF, firewalls, NAC, etc.
- Experience with Threat Intelligence, Threat Analysis and Incident Response.
- Demonstrated ability to build bridges between I.T., Development, Accounting, Marketing, Sales, and Support teams.
- Strong understanding of the full SDLC and deployment of applications with adherence to security standards.
Reports to: VP of Engineering