Information Security Program Manager

Posted Aug 10

Description

Mediavine is seeking an experienced Information Security Program Manager to join our growing Legal team under Privacy & Compliance.

About Mediavine

Mediavine is a fast-growing advertising management company representing over 10,000 websites in the food, lifestyle, DIY, and entertainment space. Founded by content creators, for content creators, Mediavine is a Top 20 Comscore property, exclusively reaching over 125 million monthly unique visitors. With best-in-class technology and a commitment to traffic quality and brand safety, we ensure optimal performance for our creators.

Mission & Culture

We help content creators build sustainable businesses. From educational tools and cutting-edge plugins to ad technology that maximizes earnings without slowing down your site, our motivation is ensuring your brand and business grow in every respect.

We are striving to build an inclusive and diverse team of highly talented individuals that reflects the industries we serve and the world we live in. We are committed to creating a culture where everyone feels welcomed. We are looking for individuals that will challenge us to continuously evolve and make Mediavine the employer of choice for people of all backgrounds. We strongly encourage minorities and individuals from underrepresented groups in technology to apply for this position.

Diversity and inclusion aren't platitudes to us; we take them seriously. Have a look at our team and read through our blog posts to learn more about our values and to discover if Mediavine is the place for you!

Position Title & Overview:

The Information Security Program Manager is responsible for building and sustaining long term initiatives based on Mediavine’s business needs. This role will also collaborate with teams across Mediavine to understand, contextualize, design, implement, and report on our global security, risk, compliance, and technology requirements for security. The ideal candidate will have expertise in running a multi-faceted security program, rapidly building cross functional relationships, and risk management.

This position will report to the Director of Privacy & Compliance on our Legal team.

Essential Responsibilities:

  • Manage Security programs to include planning, coordinating with cross-functional teams, tracking status and reporting, and creating the appropriate program documents
  • Define information security compliance framework, requirements and controls
  • Develop policies and procedures, while aligning with cross functional teams to ensure implementation across the business
  • Identify and mitigate control gaps, partnering with business, product and engineering teams on remediation
  • Provide guidance to Engineering and IT teams and ensure the implementation of requirements and controls is risk-based and in alignment with chosen frameworks
  • Conduct security & threat risk assessments for new and existing solutions to understand overall risk management framework and how data security risks are mitigated
  • Implement a risk-based Third-Party Risk Management program to review and address third-party and supplier risks
  • Create product security and other compliance documentation and assist with the drafting and review of security language in contracts
  • Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements
  • Monitor the continuously changing cybersecurity threat environment and assess any potential risks to the organization
  • Ensure the established information security controls, standards, policies and procedures are adhered to and kept up to date
  • Recommend programmatic and technical directions, operating with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents and decisions regarding risk; Operate with regard to project management activities, including the development of project plans and budget/resource estimates
  • Required travel on an as needed basis, for our annual All Hands Retreat, Team Retreats/Meetings and/or industry events/conferences (approx. 15%)

Requirements

Location

  • Must currently live in the United States

You Have:

  • Bachelor’s degree in Information Technology or related field
  • 10+ yrs of progressive experience in Information Security
  • 5+ yrs experience building and managing compliance programs from the ground up
  • 5+ yrs experience with governance, risk and compliance for a fast-pace growing tech company
  • Experience developing, building, and rolling out information and security governance frameworks such as GDPR, ISO27001, SOC 2, PCI, NIST 800-53, or other security/privacy frameworks
  • Solid knowledge and understanding of privacy and security standards and regulations; experience with policy development
  • Experience with AWS,Google Workspace and Slack, require
  • Current experience in one or more of the following industries; Ad Tech, Media/Online Publishing, Marketing and Advertising, preferred
  • Demonstrated ability to interact effectively, internally and externally, with the most senior representatives of organizations, regulators and vendors
  • An ability to translate security requirements and standards into easily understood business concepts and vice versa
  • Ability to maintain confidentiality, and to exercise discretion and good judgment
  • Experience working in a highly collaborative environment with the ability to influence and build strong relationships
  • Strong analytical skills and are detail oriented
  • Strong time management skills with the ability to manage multiple priorities at once and perform in a fast-paced work environment
  • Excellent written and verbal communication skills
  • Ability to travel up to approximately 15%

Nice to Have:

  • Additional certifications preferred - CISSP, CISM, CISA, etc.

Benefits

  • Remote work environment
  • Travel opportunities (remember those!?)
  • Comprehensive benefits including 401k, Health, Dental, and Vision insurance
  • Learning allowance
  • Generous Vacation/Time off policies
  • Additional side benefits such as home-office upgrades, tuition reimbursement, paid gym memberships and wellness retreats, upgraded flights, cool swag and more
  • Company match charitable donations

Mediavine is an Equal Opportunity Employer