Sr. Director, Information Security
Zynga is currently seeking a Sr. Director of Information Security to work closely with technical and non-technical partners across the business establishing the overall information security vision, strategy, and architecture.
This individual will direct staff in the design, development, implementation and enforcement of security policies, programs, and procedures to meet regulatory and compliance requirements and to mitigate risks while enabling Zynga to deploy a defined strategy and maintain competitive advantage in the marketplace.
At Zynga, the Information Security Team is not in the business of just saying “no”. The team must be able to adapt to business initiatives, interpreting business requirements and consulting on the best solution or approach to achieve desired outcomes. The core philosophy of the Information Security team is to be a trusted advisor to the business and take a risk-centric approach to information security and requirements.
- Maintain an in-depth understanding of current and emerging information security, regulatory and compliance trends and related implications allowing the business to navigate potential issues and develop viable business solutions to mitigate risk.
- Oversee and direct a variety of security risk assessments, providing advisory support to corporate/studio contacts on the evaluation of risks and development of remediation plans, and working with stakeholders to define and implement process enhancements.
- Develop, implement and manage information security training and awareness for Zynga personnel at all levels, including dissemination and explanation of policies and procedures and developing a knowledge base.
- Communicate information security risk, compliance gaps and other security issues in a business context, translating technical risks into business risks.
- Ensure that Information Security for Zynga’s services and infrastructure is maintained at a high level and reasonable cost without becoming an impediment to the business.
- Supervise the design, implementation, maintenance and performance of information security controls for the organization's networks, information systems and critical assets.
- Coordinate resources to ensure the success of information security and risk projects on time and on budget.
- Escalate and manage constraints and blockers for information security risk-based initiatives while driving continuous improvement.
- Manage and lead the investigation and resolution of security incidents as needed.
- Using risk as a driver, facilitate decisions within the organization and create a framework that can be quantitatively used across various functions.
- Assist studio and business contacts in the identification of risks and appropriate controls to protect information assets for new and existing projects and plans.
- Create and report on information security and risk operational metrics working with the impacted stakeholders.
- Work internally with studio and business partners to instill an information security and risk-conscious culture by understanding the business drivers and building baseline and measurable benchmarks.
- Provide mentoring and leadership to the information security team while acting as a hands-on contributor in a wide range of disciplines.
- Facilitate and provide guidance on the professional development of all information security team members ensuring that the organization has a talented and well-trained team ready to handle new challenges.
Required Skills and Experience:
- 10+ years of experience in information technology with a minimum of 7 years of information security and/or IT risk experience.
- 2+ years of management experience with teams of 10 or more people.
- Demonstrated problem solving, analytical and investigative skills combined with the ability to develop creative solutions and navigate through ambiguity in a fast-paced, agile environment.
- Current and deep technical knowledge and experience working with the latest information security technologies and tools, including both commercially available and open-source.
- Excellent written and oral communications skills, as well as strong interpersonal and relationship building skills.
- Excellent meeting facilitation, presentation, report-writing and demonstrated attention to detail.
- Deep understanding of information security, specifically around security policy, industry-accepted frameworks and security standards such as ISO 27001/27002, 20 Critical Controls for Effective Cyber Defense, NIST 800 Series, COBIT and other regulatory compliance requirements.
- High level of personal integrity, with the ability to professionally handle confidential matters while leveraging the appropriate level of judgment.
- Demonstrated ability to partner and influence across the organization, completing work through partner teams and individuals who do not report directly into Security.
- Strong understanding of, or ability to rapidly learn, the technology and social gaming industry as it is impacted by regulatory compliance and related security risks.
Preferred Skills and Experience:
- Sound knowledge and experience with administering and securing Windows and Linux systems.
- Professional information security related certifications (CRISC, CISA, CISM, GIAC, CISSP).
- Experience in social media, technology, and/or gaming industry.