Director of Information & Cybersecurity

Its scoring software and analytics have become an essential ingredient in the creative and media decisions of the world’s largest marketers and agencies, as they strive to drive business results through improved creative effectiveness. As the leader in creative data, Vidmob’s influence lies in its partnerships and integrations across the digital ad ecosystem, its dozens of proprietary models, and in operating the industry’s most robustly instrumented human-reinforcement learning model for creativity. 

The Director of Information and Cybersecurity is a key leadership role at Vidmob. Reporting to the VP of Engineering, the Director will lead Vidmob’s Cybersecurity Office providing oversight and operational responsibility for Information Systems and Technology Security. In this role you will provide strategic security direction and support for production and development environments, and oversee IT operations.

The ideal candidate will have the technical prowess to manage IT and security tools, understand security impacts, and prioritize mitigation efforts and communication skills to uphold Vidmob's customer-centric approach. 

Responsibilities:

• Analyze department needs, identify vulnerabilities, and boost productivity, efficiency and accuracy to inform business decisions

• Ensure compliance with relevant regulations and leading the response to security incidents

• Communicate risks and strategies to executive management and stakeholders

• Collaborate directly with customers and their security teams to address security requirements effectively

• Continuously analyze current process, technologies, and vendors to identify areas of improvement

• Collaborate with development and operations teams to integrate security practices into the development lifecycle, adhering to a “Shift Left” approach

• Utilize AI, SCA and DAST scanners to identify and address security vulnerabilities proactively

• Perform security assessments and audits on applications and infrastructure to ensure compliance with security certifications, standards and frameworks such as SOC2, ISO 270001, NIST, CSA

• Develop and maintain security automation scripts and tools to streamline security processes

• Develop security testing processes

• Assist in the design and implementation of secure systems and networks to safeguard IT infrastructure, applications, and data

• Provide oversight and direction to IT for managing and supporting internal assets in compliance with Corporate policies and best practices

• Participate in incident response and security incident investigations as needed

• Develop and Maintain security and IT policies, standards and procedures

• Develop and deliver security awareness training programs for employees and promote a culture of security awareness across the organization

• Develop and manage the cybersecurity budget and ensure efficient allocation and utilization of resources

Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent work experience)

• 7+ years of leadership experience in SRE, DevSecOps, IT Security Operations 

• Relevant security certifications (e.g., CISSP, CEH, CISM, AWS Security Specialty) are a plus

• Understanding of security weaknesses, exploits, attacks and mitigations

• Experience with most of the following: AWS security tools (GuardDuty, AWS Config, CloudTrail), ECS or EKS, DataDog, MDM, EDR, AV, DAST, and SCA, AI Tools, SIEM or similar tools

• Experience with IT infrastructure and various security services such as MDM, EDR, AV, and routers configuration and maintaining policy and templates for detection rules and response actions for endpoints

• Proven experience in supporting security in AWS cloud-based SaaS offerings

• Proficiency in standard security testing tools such as Burp Suite and Metasploit

• Experience with programming languages commonly used in DevSecOps, such as Python or JavaScript. You will sometimes write production Python/Java script, security peer review code, build proofs of concept or implement automation scripts

• Understanding of containerization technologies such as Docker and Kubernetes