Director, Information Security
At Edmunds we’re driven to make car buying easier. Ever since we began publishing printed car guides in the 60’s, the company has been in the business of trust, innovating ways to empower and support car shoppers. When Edmunds launched the car industry’s first Internet site in 1994, we established a leadership position online and have never looked back. Now, as one of the most trusted review sites on the Internet, millions of visitors use our research, shopping and buying tools every month to make an easy and informed decision on their next car. For consumers, we bring peace of mind. For dealers, we make tools to help them solve their problems and sell more cars. How do we do it, you ask? The key ingredients are our enthusiastic employees, progressive company culture and cutting-edge technology. Want to join the team? Read on to find out how!
What You’re Applying For:
As Edmunds’ Director, Information Security, you would lead the company’s security strategy, implement security standards and monitor compliance against security policies. This position works closely with the Chief Technology Officer, business and legal partners, including subject matter experts and end-users, technical resources (internal and third-party vendors), and senior management in the design, development and delivery of security solutions that ensure that the information security requirements defined in company governance are addressed. In addition, you would serve as the key decision-maker regarding the evaluation, procurement and deployment of security-related products, and develop and coordinate information security awareness and education programs.
What You’ll Do:
● Be the ‘go to’ expert for Edmunds on all matters relating to IT security, and advise business stakeholders on security matters.
● Serve as the primary advocate for the development, implementation and support of information security controls, driving adoption and compliance across the organization.
● Partner with the Legal team to manage policies and compliance with relevant legislation/regulation, including privacy laws such as the CCPA.
● Maintain visibility and monitor the operation and effectiveness of cyber and information security controls, ensuring they remain fit for purpose and that issues are remediated and escalated as needed.
● Review the cost-effectiveness and practicality of information security procedures and systems and make suggestions for the improvement of these procedures and systems.
● Ensure that risks associated with third-party business partners are appropriately addressed.
● Maintain portfolio of technical security controls, such as Intrusion Prevention Systems (IPS), Web Application Firewall (WAF), Data Loss Prevention (DLP) and similar tools.
● Develop a program for annual SOC 2 Type II certification.
● Expand and optimize security awareness program.
● Track all information technology and security-related audits, including scope of audits, timelines, auditing agencies and outcomes.
Reporting:
● Lead bi-monthly Security Council meetings and quarterly Security Assurance meetings.
● Provide regular updates and risk information to the CTO, company CISO and senior business stakeholders, ensuring awareness of current and emerging threats.
● Collaborate with company CISO to align Edmunds' security strategy with CarMax security requirements.
What You Need:
● BS/MS Computer Science, Information Technology or related field.
● CISSP, CISA or CISM Certification preferred.
● 10+ years progressive experience in IT, of which 5+ years are dedicated to a combination of IT infrastructure solutions, information security, compliance, regulatory and risk management.
● Detailed technical knowledge in security engineering, application security, system and network security, authentication, security protocols, and other security technologies.
● Strong experience in securing AWS Cloud Infrastructure.
● Experience in implementing DevSecOps practices.
● Familiarity with and knowledge of legal and regulatory requirements like SOX, CCPA, GDPR, PCI.
● Experience in managing regulatory certification programs.
● Experience in managing a cyber security program and implementing Firewalls, NIDS, SIEM, End Point Security, Mobility Management, and Vulnerability Scanning.
● Experience successfully managing and delivering IT infrastructure and security programs and projects.
● Effective management of third-party vendor services and solutions.
● Excellent interpersonal skills and ability to influence and negotiate with senior stakeholders.
Edmunds Perks:
Flexible time off
13 Paid Holidays
Comprehensive Health Benefits (medical, dental, vision, life and disability)
Flexible Spending Accounts (Employees) and Health Savings Accounts (Employee and Employer Contributions)
401K Plan with Company Matching at 50%, up to 6% of employee eligible contribution and vesting after 1 year
Up to 4 months Paid Parental Leave
HeartCash matches employee donations to the causes that are important to them
2 Days of Paid Time Off for time to dedicate to social impact causes
FitCash covers a portion of gym or fitness activity fees
Well-being sessions and events such as yoga, meditation and walking challenges
On-going career development sessions and an annual learning event
Pet insurance
Sabbatical leave
Education Reimbursement
Plus a coffee bar, frozen yogurt and more!
Working @ Edmunds.com:
Employees think it’s a pretty great place to work and some pretty impressive publications think it is too: we have been recognized as one of the best places to work by Fortune Magazine and Great Places to Work, LA Business Journal (for the last 6 years!), Computerworld, Built in LA and Inc. Magazine. We've also been identified as one of the best workplaces specifically in Technology and also for Diversity and Asian Americans. If you’re interested in learning more and joining our mission, we’d love to hear from you!
Edmunds will consider for employment qualified candidates with criminal histories in a manner consistent with the requirements of all applicable laws.