Director, Information Security

Seniority Level: Director

Location: Long Beach, CA or Seattle, WA

About the role and about You:

At Zwift IT, we are constantly improving our security posture. Currently, we are looking for a Director, Information Security to be a key member of the IT Leadership Team. This role is critical to leading and transforming our security programs to keep up with the threat landscape and partnering across the Zwift in this critical area. The candidate is expected to have broad practical implementation knowledge of designing and running information security programs, building, and scaling large security capabilities, and working across organizational boundaries and with executive leadership to shape the security strategy to ensure our promises to customers in every interaction.

The Director of Information Security will drive and support the security policies, practices, procedures, and technologies required to ensure the protection of our networks, systems, applications, data, and products. S/he will ensure operational risk management efficiencies are achieved across the enterprise and will develop, document, and operate controls maximizing risk mitigation, which are compliant with target industry regulations including ISO27K/NIST CSF, PCI DSS, SOX, GDPR, and CCPA.

To be successful you not only are great at defining a vision, but you are equally great at executing that vision. This position will report directly to the Vice President of Information Technology.

What you'll do:

• Establishes and maintains the Enterprise Security vision, strategy, and program to ensure information assets and technologies are adequately protected
• Provides leadership to develop and execute an enterprise information security strategy and roadmap. Aligns with enterprise business strategy, gains executive approval and support, and oversees the successful execution
• Works with Zwift development and infrastructure teams to identify and remediate application and infrastructure–related vulnerabilities through findings and remediation s
• Develops and employs an ongoing information security communications, training, and awareness program tailored to the evolving needs of the business and the specific requirements of various user groups.
• Ensures Identity and Access reviews are performed periodically and follows through on findings and remediation s
• Defines Objectives and Key Results (OKRs), strategic risk indicators, and metrics/scorecards to understand current health and drive insights into future focus areas for the team before issues occur/risks are realized.
• Prepares, maintains, and communicates security procedures and documentation including incident response procedures
• Collaborates cross–functionally, including with engineering, legal, product, and IT teams, to build and strengthen information security and privacy across our service and infrastructure
• Responsible for security operations, including threat prevention, detection, and incident response strategy to include a formalized incident response process, declaring security incidents, coordinating and assisting in the investigation of potential incidents, assisting in the recovery from attacks, coordinating with legal, compliance, and other stakeholders, law enforcement agencies (where applicable), and developing the post–response control strategy
• Works closely with and provides technical expertise to compliance, business units, and supporting departments in the implementation, certification, and maintenance of compliance standards (E.g., NIST CSF/800–171/CMMC, ISO 27001/ISO27701, SOX, PCI/DSS, GDPR, CCPA, etc.)
• Develops, trains, and mentors the Information Security team to grow their technical and professional capabilities

What you'll have:

• Bachelor's degree in Computer Science, Information Systems, Engineering, or related technical field
• 8+ years of experience in a combination of information technology & security and IT risk management
• 8+ years of leadership experience in information security policy, standards, architecture, technology, and programs
• Experience with multiple Information Security domains, such as Infrastructure Vulnerability, Data Loss Prevention, End User Security, Network Security, Internet Security, Application Security, Cloud Security(AWS), Identity & Access Management, etc
• Experience with security products from a variety of vendors (firewalls, intrusion detection systems, vulnerability scanners, multi–factor/strong authentication technologies, SIEM, CASB, logging, penetration testing software, etc.)
• Knowledge and understanding of relevant legal and regulatory requirements, such as GDPR, SOX, PCI/DSS, ISO/IEC 27001, and NIST security principles
• Proven and demonstrated successful experience delivering results in the following areas of IT Security: Identity and Access Management (IM), Application, Cloud and Data Security, Information Governance Risk & Compliance (GRC), Security Operations
• Must have a track record of developing and implementing a comprehensive strategy and plan for managing information security
• Exceptional program and project management skills
• Strong written/oral communication skills required along with the desire and ability to communicate with business leaders at all levels of the organization
• Strong analytical and problem–solving skills

Bonus points:

• One or more relevant certifications preferred (CISSP, CCSP, CISA, or CISM)
• Cloud Engineering or Security Certification preferred – AWS Certified DevOps Engineer, AWS Certified Security, or similar certifications
• Experience with Docker, Open Container Initiative, Kubernetes, or similar is a big plus.

The base salary for this position ranges between $203,000 to $280,000. The base salary will be based on a number of factors including the role offered, the individual's job–related knowledge, skills, qualifications, and geographic location. In addition to base salary, Zwift is proud to offer a comprehensive and competitive benefits package for all eligible employees which also includes performance bonuses, equity, and a full range of medical, financial, and other perks and benefits.