Who we are
Our vision is of a global community of individuals empowered to pursue the work they love. Our mission is to grow that community by transforming millions of thinkers into creators.
Since 2011, General Assembly has transformed tens of thousands of careers through pioneering, experiential education in today’s most in-demand skills. As featured in The Economist, Wired, and The New York Times, GA offers training in web development, data, design, business, and more, both online and at campuses around the world. Our global professional community boasts 40,000 full- and part-time alumni — and counting.
GA has a remote-friendly culture with offices around the world. Our headquarters are located in New York City. Twice a year, the entire Product team gets together in New York for a week of team building, workshops, lightning talks, urban adventures, and an epic hackathon.
Who you are
As General Assembly’s foremost Information Security leader, you'll be accountable for crafting and managing a global, scalable infrastructure and application security initiative. You will use your extensive experience in securityarchitecture, security standards, and current data privacy regulations including GDPR and regional standards, to develop and manage the policies and practices that will assure General Assembly remains in compliance and maintains a strict security standard.
- Conduct a thorough evaluation of General Assembly’s security needs, priorities and opportunities in order to develop a short and long term security plan
- Drive application and networksecurity activities, penetration testing and vulnerability assessment at a global level
- Manage security incidents that impact our platform
- Maintain accountability for the operational execution of all securityprocesses
- Develop and extend security tooling and automation efforts across the organization
- Proactively identify security issues and potential threats and continuously build processes and design systems to watch for and protect against them
- Lead compliance activities including external audits, regulatory compliance projects, and overall information security reviews
- Educate the organization about these threats and implement threat protection measures at a global level
- Advocate for secure application and infrastructure best practices, ensuring a security presence at all stages of the software development lifecycle
- Lead delivery of inquiries on security standards and practices from our enterprise clients
- 7+ years of relevant experience in the information security space, preferably with both large and small, high-growth companies
- Expert experience with cloud security, platforms and services, including understanding of current security offerings from leading cloud service providers (e.g. AWS), and their applicability to securing a SaaS enterprise security environment
- Experience with security standards NIST 800-53, ISO 27001 and ISO 27018
- Experience designing and implementing cloud-based security technologies, including but not limited to data loss prevention, log management and alerting, and vulnerability scanners
- Deep knowledge of networking and networksecurity
- Outstanding interpersonal skills and the ability to successfully partner with cross-functional teams and business stakeholders
- Be a mentor and coach to your team, fostering ownership, guiding personal growth, and constantly striving to raise the bar on delivery performance and quality
- Competitive salary
- Generous parental leave
- Annual education allowance
- Gym allowance
- Apple Macbook Pro and related equipment
USA-specific benefits include a flexible paid-time off policy, 401k, company phone and health, dental and vision insurance.