Leaf Group is looking for a Director, Information Security to help us keep our entire company safe, secure and compliant in all data aspects from our Santa Monica, CA office.
A big vision calls for a big job. As we grow, our need for a Director, Information Security grows with us.
Leaf Group is a diversified Internet company that builds platforms to enable communities of creators to reach passionate audiences in large and growing lifestyle categories. We create amazing experiences that celebrate the best of art, design and technology. We want people with an intense curiosity, a commitment to high quality service, who embrace the fun of the journey. Come help us disrupt and transform the digital media and art world!
We work in a fun, collaborative environment that is diverse, adventurous, and open-minded. We encourage all of our employees to learn and grow personally and professionally so they can assume greater responsibilities and advance their careers within the department or within one of our operating businesses. Check us out here: https://www.leafgroup.com/brands/
You’ll Report To: SVP, Technical Operations
A typical day as a Director, Information Security will include:

• Ensure Leaf Group is compliant with all data compliance requirements, including SOX, CCPA, GDPR, ADA, and PCI
• Work alongside other Leaf Group teams to identify areas of cyber risk to the organization and assist with reducing those risks to acceptable levels
• Work with developers and system engineers to embed best practices in design and development
• Work with Leaf Groups’ technology teams, ensure that all systems are resilient to cyber events
• Develop and maintain Leaf Group’s Cyber Incident Response Plan; ensuring all required participants are trained in response protocols
• Define, direct, and oversee the execution of security processes in the areas of intrusion prevention, security event monitoring/SIEM, vulnerability management, privilege access management, web filtering, and VPN
• Serve as a subject matter expert providing advisory services related to Leaf Group’s security architecture strategy, as well as, security requirements for all internal and external business partners
• Lead quarterly audit reporting - including reports to the Audit committee and the executive team
• Establish, monitor, evaluate, and report key performance and risk indicators (KPIs and KRIs) to provide leadership with accurate and timely information regarding the effectiveness of the information security strategy
• Manage the gathering and analysis of Leaf Group’s data to ensure actionable information is available and responded in accordance with defined SLAs
• Define 3rd party data security requirements and perform cyber risk assessments of Leaf Group’s current and prospective 3rd party vendors ensuring all appropriate controls are applied
• Maintain a roadmap for the development of security architecture and standards
• Ensure that the Global Security Strategy is meeting the security and privacy needs of internal and external customers
• Provide strategic and tactical security guidance for new and existing technical solutions
• Communicate and promote the awareness of information security, information risk, and privacy to business units, customers and partners
• Build and guide the Information Security team in developing individual skill sets to maximize personal growth and team success

You’ll be successful if you view the safety and security of our company as your mission. You proactively stay current in related areas and are proactive in ensuring all measures are taken to keep the company secure.
What You Have:

• 5-7 years’ experience in a Cyber Security leadership role
• Bachelor’s degree or equivalent working experience
• 7+ years’ experience operating, monitoring and enforcing security policies, standards, tools, controls and systems in large scale organizations where you directly managed employees.
• Strong knowledge of the following Compliance Standards: PCI DSS, ISO27001:2013, SSAE-16 SOC-2
• Relevant cyber certifications (e.g., CISA, CISSP, GSEC, CCNA, CISM, CRISK)
• Proficiency in establishing and maintaining effective working relationships with employees, business partners and third-party vendors.
• Excellent verbal and written communication skills to technical and non-technical audiences of various levels in the organization
• Strong understanding and/or experience with Security Information and Event Management (SIEM), Vulnerability Management, Penetration Testing, Authentication Methods, Identity and Access Management (IAM), Anti-Malware and Malware Analysis/Remediation, Intrusion Detection and Intrusion Prevention (IDS/IPS), Web Application Firewalls, File Integrity Monitoring (FIM), Incident Response/Forensics, Physical Access Controls and Security Best Practices
• A proactive mindset to find the problem and provide a solution
• Experience interacting with external constituents, such as auditors, tax accountants, customers, vendors, and others

What We Have:

• Well+Good is the 2019 People's Choice winner of the Webby’s Award for Best Lifestyle Brand
• eHow is the 2019 People's Choice and official Webby Winner for Social Video/How To-DIY
• Leaf Group is among the 2019 Built In LA Best Companies To Work For
• Leaf Group is among Comparably's 2018 Best Companies in Los Angeles
• Well+Good is the 2018 winner of Fast Company’s Most Innovative Company Award
• MyPlate is the 2018 winner of the Webby Award for Best Design
• Winner of the 2017 Best Company for Diversity award Comparably
• Competitive compensation and benefits packages (i.e., Medical, Dental, Vision, FSA, 401K)
• Discounted gym memberships
• Paid-to-play vacation rewards
• Discretionary unlimited vacation time
• Employee discounts for Saatchi Art, Society6, and Deny Designs

Leaf Group, Ltd. is an equal opportunity employer. Applicants for all job openings are welcome and will be considered without regard to race, color, religion, national origin, sex, age, sexual orientation, physical or mental disability, or any other basis protected by state, federal, or local law. It is the intent of the Company to comply with all applicable federal, state, and local legislation concerning equal opportunity in employment.
Agency Disclosure:
If the Leaf Group Talent Acquisition department, or any current company employee, receives an unsolicited resume from a third party recruiting agency and Leaf Group does not have a signed Agency Agreement active, Leaf Group will not be deemed liable to pay a placement fee. The unsolicited resume will be considered a gift and can be considered for our recruitment efforts.