$100K — $150K *
Description
About KinderCare Education®
KinderCare Education operates more than 1,380 early learning centers, and more than 560 Champions sites, supported by a corporate team of nearly 600 headquarters employees in Portland, Oregon. In 2019, KinderCare Education earned their third Gallup Great Workplace Award – one of only 39 companies worldwide to win this award.
KinderCare Education is looking for a Senior Manager of Information Security & Compliance to drive our security and compliance strategy. In this unique role, the information security leader will act as process owner for the development and implementation of an organization-wide information security program and ongoing activities to preserve the availability, integrity and confidentiality of the company’s information resources in compliance with applicable security policies and standards. You will bring your leadership presence and security experience to oversee the implementation of the information security program, working closely with your business partners and stakeholders.
This role leads two distinct functions at KinderCare and partners closely with external vendors, including KinderCare’s Managed Security Service Provider. The ideal candidate will have a deep security and compliance background and demonstrated experience influencing and driving change through an organization. This position is both strategic and tactical in nature.
• Collaborate with all business groups in formulating policy and strategy for Information Security.
• Communicate with and educate all levels of business leadership on the value of IT Security to the company and their role in it.
• Develop and maintain IT security policies, procedures and guidelines as required, ensuring changing enterprise needs are met.
• Regularly discover and assess security threats & risks that could reasonably be of impact to KCE and create strategic and tactical plans to mitigate those risks.
• Review availability and identification of unacceptable levels of supplier risk as they pertain to IT security requirements and hold those suppliers accountable to action plans to mitigate those risks.
• Review incident reports for compliance with KCE policy and procedures and provide for modification of policies and procedures to address new security threats.
• Coordinate development and end user training in accordance with KCE security policies and procedures.
• Define high level security requirements across multiple disciplines of IT including applications, network and systems.
• Review and approve service provider’s security solutions and procedures as they apply to services being utilized by KCE.
• Regularly review and approve project level security requirements and impacts, ensuring IT security best practices, policies and procedures are applied.
• Conduct routine audits of KCE systems & processes to assess adherence of KCE’s systems to regulatory, compliance, and best practice standards requirements. Collaborate cross-functionally to ensure remediation plans are clear and meeting objectives.
• Communicate in written and verbal forms to all levels of the organization on security issues and plans.
• Incorporate ITIL best practices in the go-forward plans and procedures for KCE security.
• Act as the KCE coordination point for security events and routine audit processes.
• Coordinate responses for customer-initiated documentation requests, regarding KCE security policies, procedures and events.
• Provide security requirements for new technologies that are both planned for implementation and under review for potential future deployment.
Qualifications
• Bachelor’s degree in computer science or related field and/or 4+ years of professional IT security and leadership experience
• At least 3 years of information security management experience is required
• At least 3 years of demonstrated technical leadership across one or more technical domains such as application development, systems engineering, network engineering, end point management, cyber security tools (EDR, IDS/IPS, Systems Hardening, etc.)
• Certified Information Systems Security Professional (CISSP) is preferred.
• Certified Information Systems Auditor (CISA) and Certified Information Security Manager preferred.
• Demonstrated experience implementing security initiatives that require partnership with business, functional IT departments, and customers.
• Demonstrable experience implementing and operating within industry standard governance frameworks such as COBIT 5, COSO, or others.
• In-depth knowledge of IT security practices and procedures for enterprise environments including, but not limited to, mobile devices, cloud services, enterprise applications, data centers and networks.
• Desired general knowledge of technical architectural disciplines including:
o Business systems and web architectures
o System and network security and controls.
o Multi-unit/retail-like systems & end-point architectures
o Current security trends in End Point (PC / Tablet / Smart Phone) technologies
• Advanced knowledge of information security principles and processes including security risk assessment standards, risk assessment methodologies, and vulnerability assessment.
• Superior written and verbal communication skills.
• Demonstrated ability to build relationships with business, supplier, and technology stakeholders.
• Demonstrated ability to implement business-driven solutions in a complex environment.
Valid through: 4/28/2021