Director of Information Security
The Opportunity:
The Director of Information Security (InfoSec), reporting to the Chief Technology Officer, is responsible for establishing an information security program and ensuring the confidentially, integrity, and availability of all corporate assets. This head of InfoSec will manage and mature information security policies and practices, governance and reporting, training and awareness, vulnerability and risk assessment and remediation, and business continuity. The role will work closely with teams across the organization to implement a consistent security strategy and vision. The position is charged with the responsibility for building a security conscious culture and infrastructure that melds well with a fast-paced technology company.
Director of Information Security Duties
- Establish a comprehensive information security program ensuring the confidentiality, integrity, and availability of all corporate assets.
- Create and manage Information Security policies for compliance with applicable regulations and for management of business risk.
- Collaborate with executives (e.g. engineering, IT, HR, legal) to prioritize security initiatives and spending, and to assign responsibilities and accountability for initiatives.
- Define roles and resources needed for the security team to execute the information security program.
- Manage an annual security budget for security team resources and vendors.
- Build, recruit, coach, and retain a high performance security team.
- Execute security initiatives by managing the security team, vendors, and internal projects.
Security Team Responsibilities
- Audit systems internally and for regulatory
- Evaluate new/existing technology and services for security concerns, risks, and fit with overall security strategy.
- Manage security incidents and events to protect corporate information technology (IT) assets, intellectual property, fixed assets, and the company's reputation.
- Promote security awareness and education across the company.
- Detect and mitigate vulnerabilities within departments across the organization.
- Provide security solutions and guidelines to other business units in support of InfoSec policies.
To be successful, you'll need:
- Minimum 10+ years of combined experience in information security, technology, risk management, and corporate compliance that must include experience with Internet technology and security issues.
- Must be passionate about technology and information security.
- Must have extensive knowledge of current and upcoming IT security technologies and techniques that cover all levels of IT architecture, including those that affect business processes, data, applications, and network systems and infrastructure.
- Experience with the evaluation and adoption of information security frameworks, such as the International Organization for Standardization's standards: ISO/IEC 27001, and the National Institute of Standards and Technology: NIST 800-53 and the Cybersecurity Framework, and their practical implementations into fast-paced ecommerce organizations. Experience with ISO27017 and ISO 27018 a plus.
- Strong grasp on cloud-based infrastructure, products, and services, and their relevant security best practices.
- Experience leveraging and securing Amazon Web Services.
- Must have a good understanding of current local, state, federal, and international privacy laws.
- Extensive knowledge of the Payment Card Industry Data Security Standard.
- Knowledge of disaster recovery and business continuity principles and practices.
- Expertise in intrusion detection systems, security solution deployment strategies, management, and vulnerability assessments.
- Must have a good understanding of current encryption standards and implementations.
- Extensive experience in incident response management, cross-functional team coordination, and security operations.
- Extensive ability to collaborate and to build teams.
- Ability to weigh business risks and enforce appropriate IT security measures while maintaining the speed of delivery that is inherent in a fast-paced technology company.
Education:
- A. or B.S. in Computer Science, Information Management, or relevant field.
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional (CCSP)
What We Offer:
Vivid Seats is the largest independent online ticket marketplace, sending tens of millions of fans to live events every year. Experiences Matter- which is why we continue to grow year over year. Working at Vivid Seats puts you front and center at the opportunity to scale our best in class platform that allow our fans to sit closer and experience more.
At Vivid Seats, you will have the opportunity to work with the flexibility and speed of a startup; while operating at massive, profitable scale. We keep our teams lean, allowing each and every employee direct accountability to creating a positive ticket buying experience. We are relentless and move quickly to release new features and content to our applications. Good ideas are heard and implemented, and hard work rewarded. Being a part of our team means having the ability to drive impact and own the innovation that connects our tens of millions of unique monthly users to the memorable experiences that only live events create.
We are passionate about creating memorable experiences for our fans and the best in class experience for our employees. Vivid Seats offers competitive compensation levels, individual and team-based bonus opportunities, generous benefits package and Flex PTO policy plus a variety of workplace perks. The most exciting one: We offer our employees $100 worth of credits each month to spend on Vivid Seats tickets along with promotional discounts. At the heart of it, we are all fans of great live events. We want to help you get there more often.
Location:
111 N Canal Suite #800
Chicago, IL 60606
#LI-TA1