Director, Information Security
Who we are: Founded in 2001, Vivid Seats (NASDAQ: SEAT) is a leading online ticket marketplace committed to becoming the ultimate partner for connecting fans to the live events, artists, and teams they love. We believe in the power of experiences and are fiercely dedicated to building products that inspire human connections. Named as one of Built In Chicago's top 10 places to work in 2021, we believe that our People are our greatest competitive advantage. To support our People, we have built a company culture that empowers our employees to embrace challenges, encourages unity through collaboration, and seeks to constantly evolve by leveraging data and inspiring innovation.
The Opportunity:
As the Senior Manager, Information Security, you will lead a team of engineers responsible for responsible for maturing the information security program and ensuring the confidentially, integrity, and availability of all corporate assets and data. This role is responsible over the security and controls for a wide variety of cloud platforms and technologies that impact all Vivid Seats teams as well as the operations of many of the mission-critical operations that support our marketplace operations. We are looking for a leader who can be hands on if needed and has experience building and leading highly technical and operations focused security teams.
In this role, you will manage and mature information security policies and practices, governance and reporting, training and awareness, vulnerability and risk assessment and remediation, and business continuity. You will work closely with teams across the organization to implement a consistent security strategy and vision. The position is charged with the responsibility for building and enhancing a security conscious culture and infrastructure that melds well with a fast-paced and growing technology company.
How your role contributes to the success of Vivid Seats:
- Develop, coach, and retain engineers in a high-performing engineering team, capable of operating in and responding to security incidents, as well as our internal and external stakeholder needs.
- Participate in hiring initiatives to attract, screen, and hire new engineering talent.
- Plan and drive complex initiatives and act as a technical subject matter expert in security design, architecture, implementation, deployment, and support for all security operations.
- Lead efforts to continually modernize and integrate our security tooling into our SDLC and CI/CD processes.
- Utilize a consistent IT controls approach to ensure that our business and technology operations align to required industry and compliance controls (such as PCI, GDPR, CCPA, IT SOX, SOC 2, SSAE-16).
- Lead a team to monitor, troubleshoot, maintain, and continuously improve our threat attack surface thru patching, monitoring, proactive response, and effective incident management.
- Identify and deliver infrastructure and platform projects aimed at improving uptime, security, availability, capacity, cost-effectiveness, and performance
- Promote development best practices such as BDD, TDD, and pair programming in a fast-paced Agile environment
- Ensure that project/department milestones/goals are met and managed to budgets.
- Help us in our goal of building the Vivid Seats brand as a technology and security leader throughout the United States and Canada.
- Demonstrate a security posture that is best in class for our industry; and helping to unlock the full potential of our business opportunities.
How your role expectations will progress as a Information Security Manager/Senior Manager in the first 30, 90, and 180 days:
30 days in
- Acclimate to Vivid Seats' values and organizational goals to understand how your department drives initiatives forward.
- Learn how ticket marketplaces operate and how you'll contribute to providing great experiences for our customers.
- Understand your teams' contributions and the needs of stakeholders that rely on your deliverables to bring business objectives to life.
- Set weekly touch points with direct reports to understand their role, motivations, and needs, building trust and leading with empathy.
- Develop basic understanding of applications, tech stack, security operations, and development.
- Review and understand the project roadmap and operations processes currently in place for the team.
- Complete 1-1 meetings with Infrastructure and Software managers to understand their roles, priorities, and needs, building trust and a spirit of comradery.
- Complete 1-1 meetings with key business stakeholders (Legal, HR, Operations) to understand their roles, priorities, and risks.
- Review current audit documentation and reports.
- Prepare initial observations and recommendations for your vision of the Information Security function.
90 days in
- Empower and coach team members to achieve personal and functional goals that correlate to department objectives.
- Develop and lead initiatives for your team that enhance process, drive innovation, and build on Vivid Seats values.
- Establish improved processes for operationalizing platform management to reduce downtime, improve security, and effectively manage cost.
- Coordinate with the recruiting team to build a pipeline of qualified candidates to help fill out your team.
- Partner with business and technology leadership to build out a roadmap for functionality that supports our strategic goals over the coming year.
- Identify strategic partners and solutions that may require replacement and introduction to our security environment.
- Establish a proposed set of security related metrics and performance measurements for the security function.
180 days in
- Monitor and evolve team deliverables, individual goals, and overall performance to ensure alignment with broader initiatives of your department and the organization while coaching your team to grow skill sets.
- Collaborate with stakeholders to accurately prioritize and refine processes that yield best practices.
- Meaningfully contribute to department roadmap exercises that balance current needs with future strategic initiatives.
- Onboard more engineers, analysts, and partners to your team and build career development plans for them.
- Own business-facing communications regarding your team's progress and accountability for your team's engineering KPIs and security KRIs.
- Lead the way for the security team by developing and executing on a thoughtful and flexible security roadmap.
What You'll Bring:
- Demonstrate strong problem analysis problem resolution and decision-making and a growth mindset
- Minimum 8+ years of combined experience in information security, technology, risk management, and corporate compliance that must include experience with Internet technology and security issues.
- Must be passionate about technology and information security.
- Must have extensive knowledge of current and upcoming IT security technologies and techniques that cover all levels of IT architecture, including those that affect business processes, data, applications, and network systems and infrastructure.
- Experience with adopting information security frameworks, such as the National Institute of Standards and Technology: NIST 800-53 and the Cybersecurity Framework, and their practical implementations into fast-paced ecommerce organizations.
- Strong grasp on cloud-based infrastructure, products, and services, and their relevant security best practices.
- Experience leveraging and securing Amazon Web Services.
- Knowledge of the Payment Card Industry Data Security Standard.
- Knowledge of disaster recovery and business continuity principles and practices.
- Expertise in intrusion detection systems, security solution deployment strategies, management, and vulnerability assessments.
- Must have a good understanding of current encryption standards and implementations.
- Extensive experience in incident response management, cross-functional team coordination, and security operations.
- Extensive ability to collaborate and to build and retain high performing teams.
- Ability to weigh business risks and enforce appropriate IT security measures while maintaining the speed of delivery that is inherent in a fast-paced technology company.
Our Commitment:
We are an equal opportunity employer that values the critical importance of a diverse workforce and sense of belonging. Many of our roles have flexible requirements and we encourage you to apply regardless of whether you meet every qualification.
Vivid Seats provides competitive compensation; bonus incentives and equity for all employees; FLEX PTO; mental health days; medical, dental, and vision insurance; 401K matching; monthly credits and discounts for attending live events; remote work and snack allowances; and a variety of additional workplace perks.