Talent.com
Director, Information Security & Compliance.

Director, Information Security & Compliance.

ConductorNew York, US
30+ days ago
Job type
  • Full-time
Job description

Conductor is a leading Website Optimization & Intelligence platform. Todays top brands use Conductor to create & optimize digital experiences that get found organically in search engines & drive value for customers. The platform provides actionable SEO, content, & technical website intelligence paired with real-time website monitoring to help customers accelerateand protectdigital growth.

Conductor is a mission-driven company with a commitment to innovation, customer success, & culture. For Conductor, success is improving the lives of all the people in our orbitour customers, our customers' customers, our employee-owners, & our communities.

We are looking for a Director, Information Security to join our team at Conductor reporting to our Chief Financial Officer. You will lead the information security function across the company to ensure consistent & high-quality information security management in support of our business goals. The successful candidate will be focused on creating the Security & Compliance Roadmap, being the security point person for our technology teams, compliance, security inquiries, as well as continuing to develop & maintain our automated security tests in our CICD processes.

What You'll Do

  • Develops, implements, & executes a holistic information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, & recovery of information
  • Directly manage a small remote team of security engineers including management of your teams projects & backlog
  • Own & Develop the Information Security & Compliance Roadmap to Drive Infosec Automation & Security Maturity best practices (incl, Red Team / Blue Team Strategies)
  • Participate in design reviews with product management & feature teams discussions to enhance security best practices during development.
  • Collaborate with our technology teams to identify business-critical systems & remediate vulnerabilities
  • Provide strategic guidance & direction on compliance initiatives, ensuring adherence to relevant regulations such as CCPA, GDPR, FDA guidelines, & other global data protection laws.
  • Develops & oversees effective disaster recovery policies & standards to align with the enterprise business continuity management (BCM) program goals,
  • Own technical security questionnaires, security policy reviews, configuration standards, third-party audits, Security process automation & tooling. Represent the Company in discussions with stakeholders on matters related to information security & compliance.
  • Deploy & analyze security-related tools & metrics (e.g. intrusion detection, log management, encryption, endpoint protection).
  • Lead incident response & management activities to promptly detect, contain, & mitigate cybersecurity incidents, minimizing the impact on operations & preserving stakeholder trust.
  • Lead all activities required by internal & external audit schedules
  • Consistently ensure that business is conducted with integrity at all times & that behavior aligns with Conductor's policies, procedures, & values.

Who you are

  • You have a minimum of 7 years of experience working in Security Engineering & SecOps with at least 2 years leading a security engineering team in a SAAS & modern cloud environment.
  • Certification in one or more of the following : Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk & Information Systems Control (CRISC) or other similar credentials is preferred.
  • At least 2 years working with 3rd party vendors in leading Security Audits & ISO 27001 Certification renewals
  • Strong hands-on experience across cybersecurity domains, such as network security, endpoint security, cloud security, identity & access management, threat intelligence, etc.
  • Experience working in agile environments, & you value collaboration, feedback & look to continually improve yourself & your work.
  • Demonstrated ability to establish & maintain effective relationships with employees, partners, & vendors.
  • Excellent communication skills, capable of engaging technical & non-technical audiences.
  • Deep knowledge of SIEM, Vulnerability Management, Penetration Testing, IAM, IDS / IPS, advanced encryption at rest techniques, & other security protocols.
  • Strong analytical & problem-solving skills, with an aptitude for identifying & mitigating risks proactively.
  • Experience dealing with external entities like auditors & customer
  • Significant Experience with Amazon Web Services
  • Experience with modern virtualization technologies (Docker, Kubernetes, etc.)
  • Hands on Working knowledge & understanding of Intrusion Detection Systems (IDS), Security Information & Event Management (SIEM), & Open Web Application Security Project (OWASP)
  • Expertise of current cyber security standards / frameworks; ISO 27001, GDPR, SOC, NIST
  • Exposure to security disciplines & in-depth exposure to Incident Response or Detection Engineering.
  • Ability to manage vendor / supplier relationships, including contract negotiation, ongoing maintenance & support, & problem-resolution

    • Conductor's R&D organization is currently operating in a hybrid manner with the team working minimally two days in our NYC HQ office (Monday & Thursday) with work from anywhere the other three days)

    Compensation : Conductor maintains competitive, performance-based compensation programs.

    The NYC base salary range for this role is currently $150,000 - 190,0000. Actual base salary offered may vary within this range based on education, knowledge, skills, abilities, relevant experience, internal equity, & geographic location, among other factors. The actual compensation, if offered a position, will be based on these factors.

    Variable compensation : In addition to the base salary, this role is also eligible for an annual Corporate Bonus of 20% tied to company & individual performance.

    Conductor is an equal opportunity employer. We celebrate diversity & are committed to creating an inclusive environment for all employees. Bringing in diverse perspectives & challenging our assumptions is the clear key to growth; it drives innovation, creativity, faster problem-solving, & stronger decision making. All aspects of employment including the decision to hire, promote, train, discipline, or discharge, will be based on merit, competence, performance, & business needs.

    Conductor does not discriminate against any employee or applicant on the basis of race, color, ancestry, national origin, religion or religious creed, mental or physical disability, medical condition, genetic information, sex (including pregnancy, childbirth, & related medical conditions), sexual orientation, gender identity, gender expression, age, marital status, military or veteran status, or other characteristics protected by state or federal law or local ordinance. In addition, it is the policy of Conductor to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations & ordinances where a particular employee works.