Director of Security Infrastructure & Compliance

Employment Type: Direct Hire/Perm

Workplace Type: Hybrid/Onsite

Location: Santa Monica, CA

Industry: Advertising Services - Broadcasting & Media

Compensation: Salary $200k - 270k

OVERVIEW:

As the Director, Security Infrastructure & Compliance, you will be responsible for overseeing and enhancing our organization's information, cyber, and technology security posture. You will play a critical role in safeguarding our digital assets, ensuring compliance with regulatory requirements, and mitigating risks associated with cybersecurity threats. This position reports directly to the Chief Operating Officer (COO) and requires a strategic thinker with strong hands-on leadership skills and deep technical expertise in cybersecurity.

RESPONSIBILITIES:

Security Leadership:

• Develop and implement a comprehensive cybersecurity strategy that aligns with the organization's goals and objectives. Provide strategic guidance to senior management on cybersecurity matters and ensure alignment with business priorities.
• Provide strategic and hands-on leadership for designing, implementing, monitoring, and maintaining information security architectures, programs, and frameworks.
• Train, mentor, and guide junior security team members, Corporate IT, Data, and Cloud Engineering staff in the areas of security best practices, awareness, and technologies.
• Provide information security consulting services to key stakeholders across all business departments.
• Stay up to date on emerging cloud security threats, vulnerabilities, and compliance regulations.

Security Architecture:

• Manage & maintain security platforms, systems, and applications both on-premise and in the cloud (AWS).
• Continuously monitor and assess Corporate IT and cloud infrastructures for vulnerabilities, threats, misconfigurations, and suspicious activity.
• Research, evaluate, Implement, configure, and manage IT infrastructure and cloud security tools for vulnerability management, threat/intrusion detection, Zero Trust, Incident Response, Endpoint Protection, Data Loss Prevention, SIEM, IDS/IPS, & WAF.
• Conduct testing to identify vulnerabilities on applications, infrastructure, and computer systems. Collaborate with the IT teams (both internal and external) to remediate or update security controls when necessary.
• Design and implement internal threat monitoring scenarios using data analysis tools.

Content Security & Data Privacy:

• Develop and implement best practices, programs, and technologies for securing the integrity of Content Information, Digital Assets, and Data Privacy.
• Collaborate with internal business stakeholders, strategic partners, and third-party vendors in the development and implementation of a Content Security program.
• Collect, analyze, and monitor data logs security systems for risk and vulnerability assessments, and develop reports on findings.
• Define, develop, and implement data disaster recovery techniques and business continuity plans.

Risk Management:

• Identify, assess, and prioritize cybersecurity risks to the organization's information systems, networks, and data.
• Implement risk mitigation strategies and controls to minimize exposure to cyber threats.
• Research risk threats and manage vulnerability platforms and analyze security incident and event data and produce monthly reports to management.

Incident Response:

• Establish security incident response policies and procedures and conduct regular training.
• Develop and maintain incident response plans to effectively respond to cybersecurity incidents and breaches, including creating incident categories and IR event handling methodologies.
• Lead incident response efforts to contain and remediate security incidents in a timely manner.
• Manage and resolve information security incidents, including coordinating the efforts of the technical teams, documenting incident events, and reviewing & communicating incidents to executive leadership and stakeholders.

Compliance and Governance:

• Ensure compliance with relevant cybersecurity regulations, standards, and frameworks.
• Maintain strong relationships with regulatory bodies and industry associations to stay informed about emerging threats and compliance requirements.
• Work with external auditors to ensure successful completion of security and compliance audits.
• Lead and participate in cloud security audits to ensure compliance and identify areas for improvement.
• Communicate effectively with technical and non-technical stakeholders regarding cloud security posture and compliance requirements.

Security Awareness:

• Develop and promote cybersecurity awareness and education programs across the organization.
• Conduct training sessions and awareness campaigns to enhance employee understanding of cybersecurity risks and best practices.
• Develop & maintain documentation and workflows for security systems and procedures.
• Develop and enforce security policies, procedures, and programs that align with industry best practices and regulatory requirements.

Vendor Management:

• Evaluate the security posture of third-party vendors and partners.
• Establish security requirements for vendor contracts and monitor compliance with security standards.

Budget and Resource Management:

• Develop and manage the cybersecurity budget, ensuring adequate resources are allocated to support cybersecurity initiatives and projects.

QUALIFICATIONS:

• Bachelor's and/or Advance degree in Information Security, Cybersecurity, Information Assurance, Information Technology, Computer Science, or related field.
• Relevant certifications in Information Security, Cybersecurity, and Cloud Security (i.e., CISSP, CISM, CISA, CCSP, GCSA, AWS Certified Security)
• Minimum of 8 years of experience designing, implementing, and maintaining security architectures, with at least 5 years expeirnece working in a "hands-on" leadership or managerial role.
• Proven track record of developing and implementing cybersecurity strategies in a complex organization.
• Advanced working knowledge of cybersecurity principles, technologies, and best practices.
• Track record of successfully researching, evaluating, selecting, and implementing enterprise security tools in the areas of; Endpoint Protection, Threat/Intrusion Detection, Incident Response, Vulnerability Management, SIEM, IDS/IPS, Data Loss Prevention, WAF, ect.)
• Advanced knowledge of relevant security compliance, regulations, and frameworks (e.g., ISO, NIST, SOC, SOC 2, PIC, GDPR, ect).
• Experience creating and managing Content Security programs.
• Understanding of Zero Trust Frameworks and experience developing and implementing Zero Trust architectures.
• Demonstrated leadership ability, with experience building and leading high-performing cybersecurity teams.
• Strong analytical and problem-solving skills, with the ability to make informed decisions in high-pressure situations.
• Excellent communication and interpersonal skills with the ability to collaborate effectively with stakeholders at all levels of the organization.

All qualified applicants will receive consideration for employment without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, medical condition, genetic information, pregnancy, or military or veteran status. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.