Paranoids Sr Manager, Risk and Compliance

  • Sunnyvale, CA
  • Full-time

Company Description

Oath, a subsidiary of Verizon, is a values-led company committed to building brands people love. We are a leader in digital and mobile media with a global house of 50+ brands. Oath is shaping the digital future.

Job Description

A Little About Oath:

When you impact millions of people every day, you become a large target for adversaries of all types within all layers of the stack. Our job is to keep our users safe and make Oath one of the safest places on the Internet.

We are the information security team at Oath; known as "The Paranoids".

We protect Oath, its brands, and their users. We ensure that our users are kept safe from targeted attacks and account hijacking. We investigate cyber threats that affects Oath’s infrastructure, properties, and worldwide user base and apply innovative legal and technical remedies to mitigate those activities.

Responsibilities:
The Technical Manager position is within the Oath Paranoids Security group whose mission is to deliver information security solutions and services that protect Oath information assets, computing infrastructure, applications and data. Among other duties, the manager will lead the Risk and Compliance Team under the Security Risk Organization which performs a number of risk management activities. The Sr Manager will manage a small dedicated team and is expected to be a hands-on manager with overall responsibility for the team’s duties and performance. The team responsibilities include the following:

Risk Management: The team is responsible for the management and execution of Oath risk management program. The program encompasses the analysis, documentation and tracking of all Oath security risks.

Security Policies, Standards and Procedures: The team is responsible for the creation and maintenance of Oath security policies, standards and procedures.

Third Party Vendor Risk Management: The team is responsible for the the analysis, documentation and tracking of all 3rd party vendor security risks.

The Sr. Manager is expected to bring new insights and capabilities that will drive the progress of the risk management team at Oath. The technical manager will work directly with the business units and acquisitions to identify acceptable levels of risk, ensure the establishment of segregation of duties/roles and responsibilities, and effective IT controls are in place in regards to Oath security policies and standards.

We are looking for a strong Technical Manager/Leader that is exceptionally imaginative, collaborative, and truly excited about Oath’s mission: “To simplify the Internet for consumers and creators by unleashing the world's best builders of culture and code.” ... with a security spin to keep anyone who would try and keep us from obtaining that mission at bay. Your day:
  • Manage and lead a team of security leads and analysts to meet the needs in the above description
  • Provide technical leadership and insights to the team with hands-on involvement as needed
  • Develop and utilize a risk-based approach to identify and mitigate risks across all areas of responsibility
  • Manage risk by analyzing security threats and potential impacts to the business and help define solutions to mitigate exposure by leveraging expert analytical and technical skills
  • Develop and implement plans for effective execution of the risk management team’s responsibilities including risk management, policies and awareness training
  • Interface with different stakeholders inside and outside Oath to drive progress and make appropriate technical and process changes
  • See to the performance, recognition and professional development needs of the team
  • Ensure that Oath security requirements and activities are in compliance with applicable international and domestic laws, regulations, Data Transfer Agreements, etc. to minimize or eliminate risk and findings
  • Perform project management activities as they relate to the execution and delivery of the risk management team projects and deliverables
  • Generate and provide reports and metrics on all risk management activities

Qualifications

  • In-depth knowledge in information security concepts, technologies and tools
  • Solid understanding of information security policies, standards and industry best practices
  • Deep expertise in risk management activities, including knowledge and application of industry risk management standards and best practices
  • Able to successfully plan, organize, motivate, and direct resources to get results
  • Strong leadership, interpersonal, and communication skills
  • Proven management skills and ability to work with infrastructure teams, development managers and information security teams to make sure that activities meet expected standards and are provided within the required schedule.
  • Strong analysis and analytics experience necessary, and strong ability to create influential presentations that are able to convey complex risks and issues to different audiences
  • Minimum Bachelor’s degree in Information systems or related field or an equivalent combination of education and experience
  • Subject matter expertise on a broad range of IT control and security industry standards and best practices, such as ISO 27001/2, CSF and NIST standards/frameworks
  • Minimum of 7+ years of hands-on technology risk, security and/or governance experience
  • Demonstrated ability to drive roadmaps, results, and key initiatives

Preferred Qualifications:

  • 3+ years of leadership experience
  • Experience in policy and controls creation, distribution, and maintenance at a similar organization
  • Experience with supply chain and compliance risk

Additional Information

EEO/AA Women, Minorities, Veterans, Individuals with Disabilities Employer: Oath offers a competitive salary and benefits package, including 401(k) match and performance bonus. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or other protected category.