Calabasas, CA or San Diego, CA (Hybrid-Flexible)
Glocomms is partnered with a dynamic and rapidly growing e-commerce company committed to providing its customers with exceptional service and innovative products. The client is seeking a highly skilled and experienced Head of Information Security to lead efforts in safeguarding its digital assets, ensuring compliance, and maintaining the highest standards of security. The technology stack is predominantly based on Microsoft technologies and primarily utilizes AWS for cloud infrastructure.
Position Overview:
The Head of Information Security will be responsible for overseeing all aspects of information security, including incident response, bug bounty programs, vulnerability remediation, and compliance. This leadership role requires a strategic thinker with a hands-on approach, capable of managing and developing a high-performing security team. The successful candidate will have a proven track record in information security within the e-commerce sector or a similar fast-paced environment, with strong experience in a Microsoft tech stack and AWS cloud infrastructure.
Key Responsibilities:
Leadership and Strategy:
- Develop and implement the overall information security strategy aligned with business objectives.
- Lead and manage a team of three information security professionals, fostering a culture of security awareness and continuous improvement.
- Provide strategic guidance to executive leadership on security initiatives and risk management.
Incident Response:
- Oversee the incident response program, ensuring swift and effective handling of security incidents.
- Coordinate incident response efforts, including investigation, containment, eradication, recovery, and post-incident analysis.
- Develop and maintain incident response plans, playbooks, and runbooks.
Bug Bounty and Vulnerability Remediation:
- Establish and manage a bug bounty program to incentivize external security researchers.
- Oversee vulnerability management processes, including regular scanning, assessment, and remediation of security vulnerabilities.
- Collaborate with development and operations teams to ensure timely and effective remediation of identified vulnerabilities.
Compliance and Governance:
- Ensure compliance with relevant regulations, standards, and frameworks (e.g., PCI-DSS, GDPR, CCPA).
- Develop and maintain security policies, procedures, and documentation.
- Conduct regular security audits and assessments to ensure compliance and identify areas for improvement.
Risk Management:
- Identify, assess, and manage information security risks across the organization.
- Implement and maintain security controls to mitigate identified risks.
- Develop and deliver security awareness training programs for employees.
Technology and Innovation:
- Stay current with emerging security trends, threats, and technologies.
- Evaluate and implement new security tools and technologies to enhance the security posture.
- Collaborate with IT and engineering teams to integrate security into the software development lifecycle (a secure SDLC, or SSDLC).
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree preferred.
- 10+ years of experience in information security, with at least 5 years in a leadership role.
- Proven experience in incident response, vulnerability management, and compliance within an e-commerce or similar environment.
- Strong knowledge of security standards, regulations, and best practices (e.g., PCI-DSS, GDPR, CCPA).
- Extensive experience with a Microsoft tech stack, including Windows Server, Active Directory, and related technologies.
- Strong experience with AWS or Azure cloud infrastructure.
- Excellent leadership, communication, and interpersonal skills.
- Relevant certifications (e.g., CISSP, CISM, CEH) are highly desirable.
- All employees are required to be vaccinated against Covid-19 - reasonable accommodation requests will be considered.
Benefits:
- Competitive salary and performance-based bonuses
- Comprehensive health, dental, and vision insurance
- 401(k) with company match
- Generous paid time off and holiday schedule
- Employee discounts for company products
This is a hybrid position; employees are expected to be in the office three days per week (Monday, Tuesday, and Thursday) with the option of working remotely two days (Wednesday and Friday).