Chief Information Security Officer - Business Wire United States

Listing Description

Business Wire, a Berkshire Hathaway company, is the global market leader in press release distribution and regulatory disclosure. We are on a mission to redefine how organizations connect with their audiences - and that’s just the beginning!

Organizations, large and small, depend on us to accurately publicize market-moving news and multimedia, and generate social engagements that develop interactions with their target audiences.

About the Role
Reporting to the Senior Vice President, Product & Technology, the Chief Information Security Officer (CISO) is responsible for advancing and managing a comprehensive information security practice protecting customers, partners, and company digital assets.
At Business Wire, information security is a key consideration in our overall decision process from product ideation through business operations.
We are seeking an experienced, technical, and dynamic CISO to join our team. The ideal candidate will have a proven track record of building and leading a strong InfoSec team, defining and implementing information security strategies, enhancing cloud and data center security, and ensuring compliance with industry standards in a fast-paced environment.  The candidate should also be familiar with data, code, and information security best practices, as well as auditing processes.
As the leader of the InfoSec organization, you will work collaboratively with all areas of the business including Engineering, Quality, Architecture, DevSecOps, IT Operations, Program Management, and Business Operations to ensure that we maintain a robust and highly effective information security program for our existing solutions while also supporting the buildout of new client solutions hosted in our data centers and the cloud. You will collaborate with all stakeholders and senior leaders across the company as well as a diverse team of participants throughout the development, deployment, and operational lifecycle. 
You will lead a team of strong security architects and engineers, help define the strategic direction for our security practice to meet the stringent requirements of our industry and clients, and continue to enforce a security-first culture. 

What You'll Do
  • Build and lead a world-class InfoSec organization:
    ◦ Recruit, mentor, and lead a team of security professionals to protect our company's systems and customer data.
    ◦ Enhance overall security strategy and align with the business objectives of the organization. Keep up with emerging threats and new technologies to enhance organizational cyber defense systems. Work with business and technology partners to facilitate risk management and risk management processes to mitigate potential threats to the organization's infrastructure, applications, and data.
    ◦ Develop and conduct security awareness training for employees to promote a security-first culture throughout the organization. Ensure that employees are aware of their security responsibilities and trained to mitigate risks.
    ◦ Improve and implement a security governance framework including controls, standards, policies, and guidelines. Ensure the consistent application of governance across all technology projects, products, systems, and services.
    ◦ Manage the timely creation and dissemination of security-related communications including security awareness and training announcements, security compliance policies and processes, security alerts, and event messaging.
    ◦ Measure the effectiveness of security controls. Define and use metrics to track performance.
    ◦ Ensure that vendors and third-party providers adhere to the same high-security standards as our organization.
    ◦ Balance security needs with user experience and usability.
  • Enhance cloud and data center security:
    ◦ Enhance security strategy for our cloud and data center environments, data, code, and applications.
    ◦ Make continuous improvements to our security strategies to protect critical assets and data.
    ◦ Implement security controls and technologies, including AWS services such as IAM, VPC, WAF, and GuardDuty, to monitor and protect the organization's assets.
    ◦ Plan for and respond to security incidents, and establish processes to minimize the impact.
  • Ensure timely internal and external audits:
    ◦ Manage a comprehensive Governance Risk Compliance program in support of corporate audits and periodic client assessments.
    ◦ Ensure that our company meets all internal and external audit requirements.
    ◦ Conduct periodic penetration testing and vulnerability assessments.

What You'll Need
  • 10+ years of relevant industry experience in an enterprise information security management role for a public-facing internet organization.
  • 5+ years in a senior leadership role in security.
  • Strong experience building and leading an InfoSec team. You should have experience in hiring and developing security talent, providing coaching, and driving a culture of excellence in security.
  • Expertise in cloud security, including AWS and Azure.
  • Experience in data encryption, access controls, code reviews, and secure coding practices.
  • Familiarity with regulatory compliance such as PCI DSS, SOC 2, and ISO 27001.
  • Strong written and verbal communication skills with large audiences, leaders, and executives. The ability to deliver constructive and encouraging feedback.
  • Ability to thrive in a fast‐paced environment and work effectively through competing constraints.
  • Experience managing tasks across multiple projects at once and driving results independently.
  • Experience working independently and finding resources/information needed to resolve issues.
  • Proactive, organized, analytical, detail-oriented, and persistent.
  • Bachelor's or Master's degree in Computer Science, Information Security, or a related field.

Preferred:
  • Certified Information Systems Security Professional (CISSP) or equivalent certification.
  • AWS Cloud Practitioner.
  • AWS Certified Security – Specialty.

Business Wire will not sponsor a new applicant for employment authorization for this position.

What We Offer
The base salary range for this position is $240K to $275K/year. Offered salary will be determined by several factors, including but not limited to: applicant’s education, experience, knowledge, skills and abilities, as well as internal equity and alignment with geographic market data. Business Wire reserves the right to modify this salary range at any time.
Business Wire’s total rewards include:
  • Ability to work remotely 100%
  • Excellent health benefits that begin on your first day of employment
  • $100 monthly fitness allotment, a tuition reimbursement program, and enhanced mental health resources
  • 401(k) plan with generous company match, and annual profit sharing contribution (subject to company performance)
  • PTO, Floating Holidays, Wellness Day Off, Birthday Day Off, and more!

Business Wire is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. Pursuant to the San Francisco Fair Chance Ordinance and other similar state laws and local ordinances, and its internal policy, Business Wire will also consider for employment qualified applicants with arrest and conviction records.

