Location
Boston, MA, United States
Posted on
Dec 01, 2021
Profile
About Brightcove
Brightcove is revolutionizing the way organizations deliver video experiences. We are passionate about online video, and day in and day out we help our customers focus on using video to move their business in meaningful ways, whether that’s in broadcasting or publishing, marketing, or enterprise communications. We do this through continuous technical innovation, nurturing a broad video-centric ecosystem, and by being a true partner to our customers. Video moves us and it moves our customers, thousands of them in over 70 countries.
Position Overview:
As the Head of Business Information Security at Brightcove, you'll play an instrumental role in ensuring best practices in systems, software, people and processes in the information security function at Brightcove. This role demands a broad understanding of security risk analysis and audit, and of security controls across physical, staff, tech, and business domains. The ideal candidate will have deep expertise in one or more of these areas. This role offers a unique opportunity for a dynamic individual to help us continue to build and operate a world-class security program.
Job Responsibilities:
This multi-functional role collaborates with Engineering, IT, Operations, Legal and Sales, touching on all areas of our security operations and compliance, including information security, change management policy and implementation, as well as spearheading customer compliance / due-diligence requirements. You will establish, administer and communicate the overall strategies and procedures for the business security function. You will also evaluate risk on a continual basis and promote security awareness within the organization.
More specifically, you will:
Manage a team of Business Security professionals to carry out the objectives of the team and drive the team to achieve its OKRs
Be the voice of Brightcove and its security operations in discussions with customers and vendors
Produce internal and customer facing vulnerability and risk assessment documentation
Evaluate and assess third party security risks for vendors, partners and subcontractors
Provide business and technical advice on a wide variety of IT risk issues, concerns, and problems, making sure all business processes incorporate adequate information security
Develop and communicate security and compliance requirements to Information Services and key business partners.
Engage with customers and prospects regarding security during the RFI, vendor assessment processes or periodic security audits
Interpret, implement and maintain information security policies and standards specific to the business
Monitor current and proposed laws, regulations, industry standards and ethical requirements related to IT risk, privacy, and information security
Demonstrated personal integrity, the ability to professionally handle confidential matters and exhibit the appropriate level of judgment and decision making commensurate with the position and responsibilities
Work with Security Engineering to drive the adoption of core security services (PKI, Identity, Key Management, Detection and Response, and Vulnerability Management)
Be a technical leader in periodic information systems and applications risk assessments
Obtain relevant organizational security certifications, e.g. Service Organization Control (SOC2), Digital Production Partnership (DPP) Committed to Security, Trusted Partner Network (TPN)
Improve the Business Continuity Plan (BCP) in collaboration with teams across the organization and establish periodic testing and reviews
Partner with business process owners, Internal Audit and External Audit throughout the Sarbanes-Oxley (SOX) compliance process
Qualifications/Experience:
8-12 years of experience working in a security-focused role in the technology industry or another technology-heavy industry; 5 years of experience in management positions
Bachelor's degree in Computer Science, Information Systems, Engineering or a related discipline is preferred
Strong understanding of IT risk, information security fundamentals, defense-in-depth practices, IT risk assessment fundamentals and risk management practices
Strong executive presence and ability to engage with external customers and internal stakeholders
Solid understanding of security frameworks (e.g. CIS, NIST)
Good understanding of SSO, PKI, Secure Software Development practices, penetration testing, vulnerability scanning, static and dynamic code analysis
Tool knowledge of JIRA, Loopio, Salesforce, and cloud-based threat management and detection tools is a plus
Knowledge of GDPR, CCPA
Knowledge of video security features like DRM is a plus
Past experience establishing information security policies and practices is a plus
Strong executive presence and ability to engage with customers regarding security (e.g. Executive Briefings and incident communications)
InfoSec certification such as CISSP or CISM preferred
Working at Brightcove:
As the undisputed global leader in powering premium video for our customers, Brightcove recruits and retains highly qualified and motivated individuals, creating an environment where people can innovate and achieve their best, and we reward them for their performance by giving them the opportunity to share in the company’s success. We offer competitive compensation, stock options, 401k matching, and tuition reimbursement, as well as unlimited PTO - and we expect you to use it!
If you've gotten all the way to the bottom of this description, thank you for your interest in Brightcove! If this role sounds like something that is exciting to you please don't hesitate to apply, even if you don't meet all of our qualifications. We recognize that no candidate is perfect and Brightcove would love to have the chance to get to know you.
Send us your resume if you are interested and want to learn more!