Nerdy is looking for a seasoned and highly skilled Director of Information Security to join our team. This role is pivotal in safeguarding our organization's information assets, developing and implementing robust security strategies, and ensuring compliance with regulatory requirements. The ideal candidate will have a strong background in information security, risk management, and team leadership.
About Nerdy:
Nerdy (NYSE: NRDY) is a leading platform for live online learning, with a mission to transform the way people learn through technology. The Company’s purpose-built proprietary platform leverages technology, including AI, to connect learners of all ages to experts, delivering superior value on both sides of the network. Nerdy’s comprehensive learning destination provides learning experiences across 3,000+ subjects and multiple formats—including one-on-one instruction, small group classes, large format group classes, and adaptive self-study. Their proprietary platform leverages AI to personalize the experience for Learners of all ages—from kindergarten to professional—in academic, test prep, enrichment, and certification subjects. Nerdy’s flagship business, Varsity Tutors, is one of the nation’s largest platforms for live online tutoring and classes. Its solutions are available directly to students and consumers, as well as through schools and other institutions. Learn more about Nerdy at https://www.nerdy.com/.
Nerdy’s shareholder letters below explain the product and strategy and are the most effective way to learn about what the company is building.
What You Bring:
- You bring 10+ years of security experience developing and leading company-wide security, risk management, and other related programs.
- You bring a Bachelor's degree in computer science, engineering, or equivalent (required).
- You bring demonstrated success as a security leader in a consumer-facing business of substantial scale and complexity.
- You bring an in-depth understanding of all related compliance issues in a consumer business to include Privacy, GDPR, CCPA, SOX, NIST, etc.
- You bring demonstrated understanding of the use of data and analytics in breach detection, monitoring and forensics of the security environment.
- You bring deep expertise in audit and assessment methodologies, procedures, and policies that relate to information networks, systems and applications.
- You bring strong verbal and written communication skills, especially in the areas of presentation and interaction with people at all levels across the organization.
- You bring an ability to inspire investment from the broader population of employees to ensure active participation and championing of key security initiatives.
- You bring a background in software engineering at product development companies, preferably SaaS or PaaS and experience in start-ups as well as larger enterprises.
- You bring experience with modern cloud infrastructure such as AWS and GCP.
- You bring experience with automation to scale yourself and the team to identify, audit, and remediate.
- You bring decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
Nice to Haves:
- CISA - Certified Information Systems Auditor (auditing, monitoring, and assessing IT and business systems).
- CISM - Certified Information Security Manager (affirms ability to assess risks, implement effective governance, and proactively respond to incidents).
- CRISC - Certified in Risk and Information Systems Control (IT risk management).
What You Will Do:
- You will define the functional strategies and specific objectives around policies and procedures to support overall company security to assure the safety of physical and digital assets from internal and external threats.
- You will maintain and present documentation as it relates to cloud security operations, processes, standards, architectures, and provide guidance for security remediation to business and engineering partners by demonstrating real, practical risk and value.
- You will define the types of security education and training needed, partnering with HR to ensure compliance.
- You will champion Nerdy’s security strategy collaborating with the organization's key partners to establish the vision ensuring the mitigation of risk and the protection of internal data, customer data, and intellectual property.
- You will drive oversight of all activities related to security compliance, focusing specifically on Information Security and Risk Management across departments.
- You will mentor and inspire the security team to continually develop skills, capabilities and partnerships across the organization.
- You will represent the security posture to Nerdy’s leadership team.
- You will stay abreast of current and emerging security threats and design security architecture to mitigate them.
- You will ensure alignment between security architecture frameworks and standards and overall business strategy.
- You will manage the Security and IT teams.
Leadership Principles & Culture:
- Builds Teams: Leads the work of hiring and promoting bar-raising talent. Responsible for employee development, even when it means moving people to other areas to help them grow.
- Thinks Big: Sets ambitious and audacious goals and is willing to consider boldly different solutions to achieve them.
- Insists on High Standards: Recognizes that yesterday’s extraordinary is today’s ordinary. Identifies and articulates high standards and pushes themselves and the teams to reach them.
- Bias for Action: Recognizes that most decisions are not one-way doors and demonstrates strong bias for speed, but makes decisions and acts with the speed that is appropriate to the circumstances.
- Builds Trust: Establishes trust, even with those who think differently. Actively listens, seeks to understand, and is kindly candid in conversation. Humbly owns mistakes, even when it’s uncomfortable.
- Goes Deep: Understands the details and audits frequently. When inconsistencies exist between expected results and anecdotes, tenaciously digs into why. Rolls up their sleeves and does what’s needed.
- Has Conviction: Insists on having the conversation “in the room” and actively participates, even when it’s exhausting. Does not capitulate for the sake of consensus, nor “pocket vetoes” decisions. Fully committed once a decision has been made.
- Delivers Results: Leaders identify what needs to be accomplished and deliver quality, timely results. When setbacks occur, leaders persevere and overcome.
- Is Right, A Lot: Most decisions and suggestions prove to be correct, given a situation’s context, when judged over time.
- Apolitical: Embraces and supports Nerdy as an apolitical company and recognizes that we can have the largest impact if we are united in our focus on helping people learn and not divided or distracted by advancing unrelated causes.
Benefits:
- Total Compensation Package including Competitive Salary and Equity (Restricted Stock Units) in the company
- Healthcare Plans (Medical, Dental, Vision, Life)
- 401k Company Matching Plan
- Maternity, Paternal, and Adoption Leave
- Remote Position
- Flexible PTO
- Free Learning Membership for you and your household (1-1 tutoring hours, unlimited use of on-demand services, and access to our online classes)
- Unique opportunity to help transform how the world learns!
Nerdy is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Last updated on Aug 27, 2024