Director of Information Security
8 - 10 years experience • Online Advertising & Marketing Services
Build software. Reach 500 million users. Change lives. That’s what we’re doing at Lithium. And you can do it, too. If you want to put your stamp on the digital customer space and enjoy yourself along the way, come join the team. We’re looking for seriously passionate, fun, collaborative & innovative thinkers to help us change the world.
The Director of Information Security ensures adherence to Lithium’s information security strategy, programs and best practices. This is a highly visible and often hands-on position responsible for security governance and oversight, which includes identifying and mitigating security risks in all corporate functions such as Engineering, Operations, Finance, Human Resources and Information Technology. This role requires practical knowledge in the areas of physical and logical security of applications, operating systems, databases and networks. This role is the resident security expert, and is a key resource that drives security initiatives and manages cross-functional project teams. The Director of Information Security is the representative of the Lithium security function to management, staff, customers and auditors.
- Direct and approve the design of security systems;
- Ensure that disaster recovery and business continuity plans are in place and tested;
- Review and approve security policies, controls and cyber incident response planning;
- Approve identity and access policies;
- Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities;
- Maintain a current understanding of the IT threat landscape for the industry;
- Ensure compliance with the changing laws and applicable regulations;
- Translate that knowledge to identification of risks and actionable plans to protect the business
- Oversee identity and access management;
- Make sure that cybersecurity policies and procedures are communicated to all personnel and that compliance is enforced;
- Manage all teams, employees, contractors and vendors involved in IT security, which may include hiring;
- Provide training and mentoring to security team members;
- Constantly update the cybersecurity strategy to leverage new technology and threat information;
- Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget
- Communicate best practices and risks to all parts of the business, outside IT
- Experience supporting and providing information security guidance to product development teams.
- 8+ years of successful experience in security, IT architecture or engineering management. Significant understanding of IT infrastructure technologies including network, server, end-point, mobile, storage and how security relates to the overall IT.
- 5+ years management experience working with C-Level executives and customers.
- Previous hands-on information security role with emphasis on:
o Security policy development
o Security audits and assessments (SAS 70, ISO 27001, PCI)
o Application and database security
o Network security architecture
o Security infrastructure technologies
o Vulnerability analysis
o Physical security
- 8 years of experience managing a global enterprise information security function, preferably in the software/high technology industry.
- 5 years of knowledge and experience with Software/Infrastructure/Software-as-a-Service (SaaS) solutions and architectures.
- Experience working and supporting product development teams as it relates to information security compliance
- Demonstrated professional experience in preparing and presenting information effectively to broad internal and external constituencies including non-technical executives, corporate officers, business colleagues, product and service vendors and external peers.
- Bachelor's degree in an information technology discipline. Professional information security certification (e.g., Certified Information Systems Security Professional (CISSP), SANS/GIAC, CISM) preferred.