Director, Information Security & Compliance
We are NYC based but remote friendly!
Hello, World! Codecademy has helped tens of millions of learners upgrade their careers, build meaningful projects and gain confidence in their skills with engaging, accessible, and flexible education on programming and data skills. We provide hands-on interactive lessons ranging from Python to R to Javascript and everything in between. Our learners have gone on to start companies, new jobs, and new lives thanks to what they’ve learned with Codecademy, and we’re thrilled to be working to take that impact to the next level.
Codecademy was started in 2011 by two college students in a dorm room at Columbia that were frustrated by the huge gap between education and employment. Almost a decade later, we are a rapidly growing, diverse team of 100+ headquartered in SoHo, NYC. We’ve raised over $40m in venture capital funding from top investors including Union Square Ventures, Kleiner Perkins, Naspers, Y Combinator, and more.
If you want to help build a business that impacts tens of millions of people each year and helps them lead better lives, join us!
We're looking for an information security leader with a background in security architecture and/or engineering. You have experience developing, implementing, and managing complex security programs that reduce operational risk.
You understand the importance of being flexible, creative, and resourceful in order to design an information security program that addresses the specific business challenges of an innovative, fast-growing SaaS platform. You know how to interact and communicate across the organization, using your domain knowledge and acumen to inspire confidence and trust amongst both technology and business leaders.
As Codecademy’s Director of Information Security and Compliance, you'll own all elements of Codecademy’s global information security program and be accountable for the security and protection of all information entrusted to Codecademy by its customers, partners, and employees. Ultimately, you'll be responsible for creating an organizational culture where information security is ingrained into the fabric of Codecademy’s standard business operations.
What You'll Do:
- Conduct a thorough evaluation of Codecademy’s security needs, priorities and opportunities in order to visualize, create, and execute on an information security program from its inception
- Design and develop an information security program roadmap to align and scale with company growth
- Lead security assessment and testing processes, including but not limited to penetration testing, vulnerability management, and secure software development at a global level
- Plan for and manage incident response plans while minimizing effect on the business
- Develop and extend security tooling and automation efforts across the organization
- Proactively identify security issues and potential threats and continuously build processes and design systems to watch for and protect against them
- Lead compliance activities including external audits, regulatory compliance projects, and overall information security reviews
- Educate the organization about these threats and implement threat protection measures at a global level
- This role is responsible for reporting the effectiveness of the Information Security Management System (ISMS) in accordance with ISO 27001 Clause 5.
- Serve as information security expert in front of the Executive team
- Advocate for secure application and infrastructure best practices, ensuring a security presence at all stages of the software development lifecycle
- Manage relationships with external information security technology vendors and specialized information security professional services firms
- Attract, develop, and retain a highly talented team as the information security program grows
- Must be able to obtain and hold a Security Clearance
What You'll Need:
- 10+ years of relevant experience in the information security space, preferably with both large and small, high-growth companies
- Expert experience with cloud security, platforms and services, including understanding of current security offerings from leading cloud service providers (e.g. AWS), and their applicability to securing a SaaS enterprise security environment
- Experience in the evaluation and implementation of industry standard enterprise wide information security technologies and concepts, including but not limited to: Application Security, Cloud Security (AWS), Data Loss Prevention, Security Event Management, GRC Tools, Threat and Vulnerability Management and Identity and Access Management.
- Clear understanding of relevant information security governance, technical and security standards and regulations
- Familiarity with industry security standards including NIST 800-53, ISO 27001 and ISO 27018 as well as current data privacy regulations, including GDPR, CCPA, and regional standards.
- Deep knowledge of networking and network security
- Strong understanding and experience with Secure SDLC and DevSecOps or security automation
- Ability to work under pressure across multiple stakeholders
- Excellent written and communication skills and ability to communicate across all levels of an organization
What Will Make You Stand Out:
- A passion for coding education
- Experience utilizing Codecademy’s platform
At Codecademy, we are committed to teaching people the skills they need to upgrade their careers. Codecademy aims to educate a richly diverse demographic of learners with our product and in order to accomplish this, we believe our team should reflect that rich diversity. Our company celebrates diversity in all of its forms-- race, gender, color, national origin, marital status, sexuality, religion, veteran status, age, ability, disability status-- and works to create an inclusive workplace where people of all backgrounds and beliefs are empowered to better their futures.
#LI-Remote