Director, Information Security - Washington DC
Company: Highland Capital Europe Location: Washington, DC
Posted On: 05/05/2024
At Zwift IT, we are constantly improving our security posture. Currently, we are looking for a Director, Information Security to be a key member of the IT Leadership Team. This role is critical to leading and transforming our security programs to keep up with the threat landscape and partnering across Zwift in this critical area. The candidate is expected to have broad practical implementation knowledge of designing and running information security programs, building and scaling large security capabilities, and working across organizational boundaries and with executive leadership to shape the security strategy to ensure our promises to customers in every interaction.

The Director of Information Security will drive and support the security policies, practices, procedures, and technologies required to ensure the protection of our networks, systems, applications, data, and products. S/he will ensure operational risk management efficiencies are achieved across the enterprise and will develop, document, and operate controls maximizing risk mitigation, which are compliant with target industry regulations including ISO27K/NIST CSF, PCI DSS, SOX, GDPR, and CCPA. To be successful, you are not only great at defining a vision, but equally great at executing that vision. This position will report directly to the Vice President of Information Technology.

What you'll do:
- Establishes and maintains the Enterprise Security vision, strategy, and program to ensure information assets and technologies are adequately protected
- Provides leadership to develop and execute an enterprise information security strategy and roadmap. Aligns with enterprise business strategy, gains executive approval and support, and oversees the successful execution
- Works with Zwift development and infrastructure teams to identify and remediate application and infrastructure-related vulnerabilities through findings and remediations
- Develops and employs an ongoing information security communications, training, and awareness program tailored to the evolving needs of the business and the specific requirements of various user groups.
- Ensures Identity and Access reviews are performed periodically and follows through on findings and remediations
- Defines Objectives and Key Results (OKRs), strategic risk indicators, and metrics/scorecards to understand current health and drive insights into future focus areas for the team before issues occur/risks are realized.
- Prepares, maintains, and communicates security procedures and documentation including incident response procedures
- Collaborates cross-functionally, including with engineering, legal, product, and IT teams, to build and strengthen information security and privacy across our service and infrastructure
- Responsible for security operations, including threat prevention, detection, and incident response strategy to include a formalized incident response process, declaring security incidents, coordinating and assisting in the investigation of potential incidents, assisting in the recovery from attacks, coordinating with legal, compliance, and other stakeholders, law enforcement agencies (where applicable), and developing the post-response control strategy
- Works closely with and provides technical expertise to compliance, business units, and supporting departments in the implementation, certification, and maintenance of compliance standards (e.g., NIST CSF/800-171/CMMC, ISO 27001/ISO27701, SOX, PCI/DSS, GDPR, CCPA, etc.)
- Develops, trains, and mentors the Information Security team to grow their technical and professional capabilities

What you'll have: