Business Wire, a Berkshire Hathaway company, is the global market leader in press release distribution and regulatory disclosure. We are on a mission to redefine how organizations connect with their audiences - and that’s just the beginning!
Organizations, large and small, depend on us to accurately publicize market-moving news and multimedia, and generate social engagements that develop interactions with their target audiences.
About the Role
Reporting to the Senior Vice President, Product & Technology, the Chief Information Security Officer (CISO) is responsible for advancing and managing a comprehensive information security practice protecting customers, partners, and company digital assets.
At Business Wire, information security is a key consideration in our overall decision process from product ideation through business operations.
We are seeking an experienced, technical, and dynamic CISO to join our team. The ideal candidate will have a proven track record of building and leading a strong InfoSec team, defining and implementing information security strategies, enhancing cloud and data center security, and ensuring compliance with industry standards in a fast-paced environment. The candidate should also be familiar with data, code, and information security best practices, as well as auditing processes.
As the leader of the InfoSec organization, you will work collaboratively with all areas of the business including Engineering, Quality, Architecture, DevSecOps, IT Operations, Program Management, and Business Operations to ensure that we maintain a robust and highly effective information security program for our existing solutions while also supporting the buildout of new client solutions hosted in our data centers and the cloud. You will collaborate with all stakeholders and senior leaders across the company as well as a diverse team of participants throughout the development, deployment, and operational lifecycle.
You will lead a team of strong security architects and engineers, help define the strategic direction for our security practice to meet the stringent requirements of our industry and clients, and continue to enforce a security-first culture.
What You'll Do
· Build and lead a world-class InfoSec organization:
o Recruit, mentor, and lead a team of security professionals to protect our company's systems and customer data.
o Enhance overall security strategy and align with the business objectives of the organization. Keep up with emerging threats and new technologies to enhance organizational cyber defense systems. Work with business and technology partners to facilitate risk management and risk management processes to mitigate potential threats to the organization's infrastructure, applications, and data.
o Develop and conduct security awareness training for employees to promote a security-first culture throughout the organization. Ensure that employees are aware of their security responsibilities and trained to mitigate risks.
o Improve and implement a security governance framework including controls, standards, policies, and guidelines. Ensure the consistent application of governance across all technology projects, products, systems, and services.
o Manage the timely creation and dissemination of security-related communications including security awareness and training announcements, security compliance policies and processes, security alerts, and event messaging.
o Measure the effectiveness of security controls. Define and use metrics to track performance.
o Ensure that vendors and third-party providers adhere to the same high-security standards as our organization.
o Balance security needs with user experience and usability.
· Enhance cloud and data center security:
o Enhance security strategy for our cloud and data center environments, data, code, and applications.
o Make continuous improvements to our security strategies to protect critical assets and data.
o Implement security controls and technologies, including AWS services such as IAM, VPC, WAF, and GuardDuty, to monitor and protect the organization's assets.
o Plan for and respond to security incidents, and establish processes to minimize the impact.
· Ensure timely internal and external audits:
o Manage a comprehensive Governance Risk Compliance program in support of corporate audits and periodic client assessments.
o Ensure that our company meets all internal and external audit requirements.
o Conduct periodic penetration testing and vulnerability assessments.
What You'll Need
Business Wire will not sponsor a new applicant for employment authorization for this position.
What We Offer
The base salary range for this position is $240K to $275K/year. Offered salary will be determined by several factors, including but not limited to: applicant’s education, experience, knowledge, skills and abilities, as well as internal equity and alignment with geographic market data. Business Wire reserves the right to modify this salary range at any time.
Business Wire’s total rewards include:
Business Wire is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. Pursuant to the San Francisco Fair Chance Ordinance and other similar state laws and local ordinances, and its internal policy, Business Wire will also consider for employment qualified applicants with arrest and conviction records.
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided