Reporting to the Chief Information Officer/ Chief Information Security Officer, the Global Vice President of Information Security is a business/technology executive who will beresponsible for providing enterprise-wide leadership to establish and maintain a comprehensive Information Security and Data Privacy program ensuring compliance and managing organizationalrisks. This includes policy creation, education, training,security incident response,risk assessment,contract review, incident prevention, detection, andforensics. This leader will provide strategic as well as pragmatic thought leadership at the CareerBuilder executive level regardingsecurity, technology, and products and create strongpartnerships across business units and functional groups to deliver competitive advantage and provide organizational leadership across CareerBuilder for ITsecurityand related organizational initiatives across the company. This position also serves as the Deputy Chief Information Security Officer within the organization.
As the key executive leading CareerBuilder security planning, implementation and overall operations, the Vice President of Global Information Security is critical to enabling CareerBuilder to deliver its strategy all the while protecting the security and integrity of client data and CareerBuilder’s overall brand in the marketplace. The Vice President of Global Information Security will partner very closely with the executive leadership of the organization and business unit leadership including various Product Executives, Enterprise Architecture, Project Management Office, and Application Executives.
The Vice President of Global Information Security will be a seasoned, organizational leader with a strong technical/ operational background and experience partnering, leading and influencing across business units with all levels of leadership. It’s critical for this individual to be able to develop forward-thinking, industry-leading vision and strategy to ensure CareerBuilder is a strong leader in IT security.
The Vice President of Global Information Security will be comfortable working in a fast-paced, collaborative, highly matrixed environment, developing a strategy for CareerBuilder and a roadmap to achieve strategic goals. The person in this role must be comfortable working with ambiguity, have a proven track record of hiring, developing and growing technical talent, strong executive presence and demonstrate outstanding communication skills specifically, have the ability to translate technical vision, roadmaps and decisions into a clear, inspiring story that enables the organization to quickly align and drive results. The ability to lead from the front, be a strong leader-teacher and collaborate at all levels at CareerBuilder and establishing credibility with clients are all critical to this role.
The Vice President of Global Information Security will lead the technical security team as they guide the organization in areas that are very dynamic, increasingly complex, and involve partnering with suppliers, outside organizations, and leaders across CareerBuilder. This leader will model strong business partnering skills, leadership presence, and organizational maturity.
- Develop and execute an enterprise-wide security strategy and roadmap that mitigates risk through the right balance of security measures and operational flexibility.
- Standards and Guidelines - Establish policies, procedures, standards and guidelines that enable CareerBuilder’s security strategy.
- Threat Assessment and Scenario Planning - Identify security vulnerabilities and risks associated with CareerBuilder’s operations, including partnering with business units to build threat assessment into the product design and development processes.
- Advanced Detection and Containment - Build an industry leading detection and containment capability that will identify and mitigate sophisticated cyber-attacks against CareerBuilder’s application and infrastructure.
- Day-to-Day Security Operations - Ensure operational procedures enforcing security are effective and optimal, including assessing and testing for vulnerabilities.
- Incident Response - Respond to and resolve security exposures and incidents.
- Security Engineering - Work directly with the business units, IT Operations, R&D teams to ensure that the right security capabilities are built into offerings, enterprise processes and tools through reusable technology (services oriented architecture). Oversee the evaluation, selection, and implementation of information security tools.
- Integrity of Critical Business Operations - Participate in the formation and execution of business continuity planning, and drive disaster recovery planning and execution across multiple businesses and geographic sites.
- Security Compliance and Audits - Manage internal and external assessments of security, disaster recovery and compliance (certification and accreditation).
- Education and Training - Provide security awareness training, information, and education to employees, partners, and clients.
- Cloud Security - Develop and operate optimal securityprocesses, tools and consulting services for hosting secure applications in the cloud.
- Third Party Management - Participate in the development, implementation and ongoing compliance monitoring of information privacy requirements and responsibilities in vendor contracts and agreements.
- Security Metrics and Reporting - Develop and maintain a program that informs business unit and functional group leadership of the top securityrisks and overall security health of their organizations.
- Sales and Customer interaction - Including pre-Sales support, customer contract review, RFP response, and customer audit facilitation.
The above statements represent a general outline of principal job functions and should be not be construed as a complete description of all aspects and requirements inherent in this job.
- Bachelor’s degree or Master’s degreedesired.
- CISM or CISSP is required
- A minimum of 15 years of experience in information security to include the following areas:
- Experience in the development of information security policies, intrusion response procedures, business continuity and disaster recovery procedures, risk analysis, and administration of the operations of a complex securityinfrastructurepreferred.
- Experience with regulatory and compliance in a technology environment. Knowledge of IT security policy and policy administration. Knowledge of implementation requirements and impacts of data security legislation.
- Ability to exhibit maturity, reliability, composure, and stability under pressure as required for handling on-the-job challenges is essential.
- Strong project management, critical thinking, analytical, verbal and written communication skills.
- Strong interpersonal skills to deal with administrators, and employees at all levels in the organization. Success in this position depends on the ability to work in a highly decentralized environment.
- Demonstrated experience advising and collaborating with senior management is required. The ability to work in a team/collaborative environment with a broad range of constituencies is essential.