Director of Information Security

Summary

Join League as their Director of Security, a senior leadership role overseeing the company's information security program. You will build and lead Security Operations and Product/Application Security teams, collaborating with stakeholders across departments. Responsibilities include developing and implementing security strategies, policies, and programs, conducting risk assessments, and managing security budgets. The ideal candidate possesses a strong technical background, strategic thinking skills, and experience in leading and managing security teams. This role is crucial for protecting League's assets, data, and reputation while supporting business objectives. You will also champion a culture of security awareness and responsibility throughout the organization.

Requirements

• Bachelor's degree in Computer Science, Information Security, or a related field
• Minimum of 10 years of experience in information security, with at least 5 years in a leadership or management role
• Demonstrated experience in leading, managing, and delivering Security Operations (e.g., SIEM, incident response, threat intelligence) and Product/Application Security (e.g., secure SDLC, SAST/DAST, DevSecOps), Enterprise Security, and Identity Management functions
• Proven experience in developing and implementing security strategies, policies, and programs
• Strong understanding of common security frameworks and standards (e.g., HITRUST, NIST CSF, ISO 27001, SOC 2, PCI DSS)

Responsibilities

• Build relationships with stakeholders in customer, engineering, and company organizations to influence decision making and manage expectations and escalations
• Collaborate closely with product leaders to influence product strategy, roadmap, and process
• Work with your teams to set clear and measurable objectives, and drive them to completion
• Build a high performing team through the ongoing development of current team members and leaders
• Develop and lead inclusive, welcoming, and effective recruiting processes
• Maintain relationships with senior leaders and colleagues throughout the company and our external partners, and represent engineering in cross-functional projects and to the company and partners
• Proactively identify areas of improvement where engineering teams can make a difference and work with other teams to make those improvements happen
• Develop, implement, and maintain a strategic, comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality, and availability of information
• Lead and mentor the Security teams across operations and product security, ensuring effective incident detection, response, and recovery capabilities, including managing security monitoring tools and processes
• Oversee the Product/Application Security program, embedding security best practices into the software development lifecycle (SDLC) from design to deployment, including code reviews, vulnerability assessments, and penetration testing
• Collaborate with engineering, product, legal, IT, and other business units to ensure security is integrated into their processes and initiatives
• Champion a culture of security awareness and responsibility throughout the organization
• Develop and implement security policies, standards, and procedures that are practical, effective, and proportionate to League's business objectives and risk tolerance
• Conduct regular risk assessments and security audits to identify vulnerabilities and ensure compliance with relevant regulations and standards
• Manage security budgets and vendor relationships
• Stay current with the latest security threats, technologies, and industry best practices
• Provide regular reporting on the current status of the information security program to executive leadership and relevant stakeholders
• Effectively influence stakeholders at all levels of the organization to adopt and support security initiatives, even without direct reporting lines
• Foster a collaborative environment to achieve shared security objectives across the company
• Responsibility and accountability for executing League's policies and procedures within the department/ team
• Notification of HR, Legal, Compliance & Security of any incidents, breaches or policy violations
• Compliance with Information Security Policies

Preferred Qualifications

• Relevant professional certifications are highly desirable (e.g., CISSP, CISM, CRISC, GIAC certifications)
• Experience working in a dynamic, fast-growing technology company is preferred
• Deep understanding of cloud security principles and practices (e.g., AWS, Azure, GCP)
• Experience in influencing cross-functional teams and driving change in a collaborative manner
• A Master's degree is a plus

Benefits

• Comprehensive Health Benefits: We prioritize your well-being with complete medical, dental, and vision coverage
• Bonus Program: Be rewarded for your contributions with our performance-based bonus program
• Employee Stock Option Program: Become an owner and share in our success through our stock option program
• Unlimited Paid Time Off: Take the time you need to recharge and maintain a healthy work-life balance
• Spending Accounts: Manage your healthcare and dependent care expenses with tax-advantaged spending accounts
• Wellness Days: Prioritize your mental and physical health with dedicated wellness days throughout the year
• Growth Opportunities: We invest in your future with abundant opportunities for professional development and advancement
• Mentorship Program: Benefit from guidance and support from experienced leaders in your field
• Flexible Ways of Working: Enjoy the freedom to work in a way that suits your life and boosts your productivity