Information Security Officer
Degreed is the upskilling platform that connects learning to opportunities. We integrate everything people use to learn and build their careers—skill insights, LMSs, courses, videos, articles, and projects—and match everyone to growth opportunities that fit their unique skills, roles, and goals. Degreed exists to discover, empower and recognize the next generation of the world's expertise.
Day in the Life
The Information Security Officer (ISO) will report to the CTIO and is responsible for maintaining an enterprise-wide security program to protect the Company’s information, assets, and personnel. The ISO will ensure that the security program remains aligned to the ISO 2700x and NIST security frameworks, and that the company maintains its current TISAX certification and SOC 2 Type 2 attestation. The ISO is responsible for managing risks related to information security, business continuity planning, crisis management, and compliance. In addition, the ISO ensures all staff members are trained in enterprise and governmental security requirements through awareness programs.
- Management. Manage the enterprise's security organization and security professionals including hiring, training, staff development, performance management and annual compensation review. Develop and manage security budgets and monitor for variances. Develop and manage an internal security and compliance audit team. Develop business-relevant metrics. Manage timely and quality response to security related client inquiries and contract negotiations.
- Information Security. Develop, implement, monitor, and audit a strategic, comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization. Develop, communicate and ensure compliance with organizational security policies and standards. Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users. Manage security incidents and events to protect corporate IT assets, including intellectual property, fixed assets, personnel and the company's reputation. Assist the Degreed vendor risk management function in the review and evaluation of vendor proposals to ensure security requirements for proposed solutions, technologies, services and capabilities are carefully considered. Liaise with the enterprise application architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
- Information Security Risk Analysis. Work directly with the business units to facilitate risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification and protection. Provide Degreed with periodic security risk and security assessment reports highlighting priority issues and suggested corrective actions. Develop security risk mitigation and/or corrective action plans.
- Leadership. Establish and chair an executive steering committee that brings together business stakeholders to develop and review enterprise security strategies, risks, and budgets. Ensure alignment of the security program with business strategy and coordinate security activities with business plans.
- Disaster Recovery and Business Continuity. Develop effective disaster recovery policies and standards; coordinate the development of implementation plans and procedures to ensure that business-critical services and facilities are recovered in the event of a declared disaster, and provide direction and in-house consulting in these areas. Collaborate with business and technology teams to ensure business continuity planning meets all service level and compliance requirements. Participate in and guide business continuity testing and continuous improvement.
- Point of Contact. Oversee incident response planning and the investigation of security breaches. Act as the primary control point during security incidents, oversee forensics and custody of data, and provide timely status reporting.
Who You Are
Communicates with Impact. Presents information and ideas in a thoughtful and compelling manner. Is clear and concise in verbal and written communications. Shares information freely and speaks openly and honestly. Seeks to understand the perspectives of others.
Drives and Delivers Results. Sets clear priorities and takes action, stays focused, and overcomes barriers to deliver expected results.
Solves Problems and Makes Good Decisions. Evaluates critical information needed to understand problems, determine probable causes, and develop workable solutions. Accurately assesses the costs, benefits, and risks associated with alternative courses of action and makes high quality and timely decisions.
Leads Change. Sees emerging patterns and opportunities. Adapts quickly and easily to new information, changing conditions or unexpected events. Facilitates and communicates change across the team or organization to drive adoption.
Lives Our Values. Behaves in a way that consistently demonstrates commitment to Degreed company values.
Information Security and Compliance. Demonstrates understanding of Degreed security policies, standards, procedures, and external regulatory and customer requirements. Maintains a strong working knowledge of risk and security related concepts, technologies, industry leading practices. Assures confidentiality, integrity, and availability of Degreed business process and supporting information infrastructure and data when appropriate. Demonstrates the skills, knowledge, and ability to ensure a risk-based approach to security is being consistently applied.
Collaborates Effectively. Partners with internal customers, stakeholders, and interested parties to ensure positive outcomes and experiences. Ensures security is viewed as a valued asset by internal customers and stakeholders.
Shapes the Future. Recognizes trends and their impact on the business. Accurately forecasts opportunities and obstacles, clearly defines a future state, sets the direction, and leads others toward the goal. Communicates the purpose and strategy in a way that inspires people to embrace it and make it their own.
Builds and Enables Great Teams. Attracts and selects strong talent. Provides guidance, feedback, coaching, and development to help people succeed and grow. Recognizes and rewards exceptional performance.
What Sets You Apart
- Bachelor’s Degree (or higher) preferred (or equivalent experience)
- Minimum of 7 years relevant work experience
- Working knowledge of ISO 2700x, NIST and other leading industry security standards and frameworks
- Proven ability to work and communicate effectively with both business leaders and technologists
- Experience with cloud operating models and capabilities provided by vendors including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform
- Knowledgeable and competent in security concepts, techniques, tools, methods and practices, with the ability to implement them successfully in both business processes and technology controls
- Successful record of accomplishment achieving business goals and meeting requirements
- Communicates security status and issues in business terms to all levels of management and the workforce
- Articulates the value of security controls and their potential business impacts
- Advanced presentation, program management, and relationship management skills
- Strong risk analysis, customer service, problem solving, and consulting skills
- Able to interpret and apply policies, standards and procedures in business relevant and applicable way
- Professional with ability to properly handle confidential information
- Excellent written and verbal communication skills
- Must have ability to positively handle/manage stress, such as high work volume and frequent change
- Must have flexibility and willingness to participate in the work processes of an international organization, including conference calls scheduled to accommodate global time zones
Preferred Industry Certifications: (Must be able to obtain and maintain one or more within six months if not currently certified)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
Total Rewards at Degreed
We believe your best work happens when you have a complete life balance, and Degreed gives you the support and flexibility to make that happen. Degreed is committed to delivering a comprehensive benefits program that provides the support you need. At the time of this posting, this role is eligible to participate in the following benefits:
- Comprehensive health insurance for you and your family (both PPO and HDHP plans available)
- Dental and vision plans for you and your family
- Employer-paid life insurance, AD&D, short-term disability, and long-term disability
- Company equity
- 401(k) Retirement Savings Plan with up to 4% match
- Company funded HSA and dependent care FSA (pending eligibility)
- Generous Parental Leave
- Unlimited Paid Time Off and 5 sick days per year
- Education benefit: Up to $1,200 per year for anything you want to learn (and we mean anything)!
- One-time Home Office Stipend to make your workspace more comfortable
- Monthly internet and phone stipend
- Monthly wellness stipend through Forma
Degreed reserves the right to modify these benefits at any time, for any reason in accordance with applicable law. Please note the offerings vary based on location.
Work Environment & Physical Demands
Degreed is a remote-first company; however, our roles are open to in-office or flex work if you live in a city with a physical office location (when it is safe to return to the office). This role has the opportunity to operate 100% virtually from your home office. We primarily collaborate with our US and international colleagues through virtual meetings (Zoom), email, and Slack. In this role, you will be required to operate a laptop computer (PC or Mac available), computer software platforms, and other office productivity machinery as necessary. Due to the nature of this role, you must be able to remain stationary for extended periods and must be able to observe and interpret written and/or verbal communication.
Degreed provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
We are committed to the full inclusion of all qualified individuals. As part of this commitment, Degreed will provide reasonable accommodations to all qualified individuals with disabilities to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider qualified applicants with arrest and conviction records.
Degreed uses the E-Verify employment verification program.