Director, Information Security

As the Director of Information Security at Bezos Academy, you will be responsible for developing and implementing the organization's information security strategy. Working with leaders from across the organization, you will mature our information security practices, using industry-leading methods designed for our modern SaaS/PaaS environment. While you will lead a small team of security engineers, this is a hands-on technical role that will both set and implement policy across our Microsoft, AWS, and third-party software stack. You will be a player-coach, executing as well as leading the technical work (~50% of time) while mentoring and guiding your team to success. Your proactive and reactive work will be paramount to the safety of our students and staff, while safeguarding our intellectual property.

You are a seasoned professional with diverse experience in developing and implementing security policies and procedures in various environments. You are fascinated by this industry and use that focus to stay abreast of emerging security threats and the strategies to mitigate them. While proactive work is always the goal, when reactive work is required, you will spearhead the investigation by triaging, remediating, and reporting events. Ultimately, good information security begins and ends with our staff. You will use your deep understanding of our business units and ability to translate technical subjects to non-technical staff to enact information security practices.

You thrive in a fast-paced, start-up environment where you can put your skills to action in a modern technical stack using industry leading information security tooling. Above all, you are inspired by our mission to expand access to high quality preschool in under-resourced communities and motivated to set the standard for information security in the early childhood learning space.

LOCATION

• Flexible in the United States; Seattle, WA preferred.
• Relocation support is available for this role for those willing to move to Seattle, WA.

COMPENSATION & BENEFITS

• This is a full-time, benefits-eligible, exempt (salaried) position. 
• The full salary range for this position, across all United States geographies, is $154,000 - $318,000 per year. The upper portion of the salary range is typically reserved for existing employees who demonstrate strong performance over time. Starting salary will vary by location, qualifications, and prior experience; during the interview process, candidates will learn the starting salary range applicable for their location.
• This role includes 15 paid days of vacation, 4 days of paid personal time off, 7 paid days of sick (care) time, 9 paid holidays, 5 paid days off for an organization-wide winter break, and additional time off if required by applicable law. Benefits for this role include medical, dental, and vision insurance, life insurance, disability insurance, a 401(k) plan with a 4% employer contribution match, paid parental leave, an employer-matched flexible spending account for dependent care, and more. Please see here for details.

MINIMUM QUALIFICATIONS

• Bachelor’s degree or equivalent experience
• Ten or more years of relevant experience, including significant experience leading the information security function at an organization responsible for PII or highly confidential data in predominately SaaS/PaaS environments
• Five or more years of successfully leading or managing a team of information security professionals, with a focus on developing and mentoring team members
• Proven ability to respond effectively to security incidents and adept at developing, maturing, and implementing incident response plans to minimize the impact of security threats
• Hands on expertise in securing Microsoft 365 environments to include EntraID, SharePoint, and Azure services
• Proven experience in defining and implementing information security strategy using an industry standard rubric such as ISO, CISA, or NIST
• Ability to travel up to 10% of the time

PREFERRED QUALIFICATIONS

• Superior communication and analytical skills, including a customer-centric approach to communicating and solving information security challenges
• Experience in developing and delivering information security training and awareness programs to educate staff on information security best practices and promote a culture of security.
• Experience implementing security strategies to enable secured SDLC and CI/CD pipelines (SecDevOps)
• Expertise in managing third-party vendor risk assessments and audits.
• Hands on experience in securing data-managing AWS services

Please click here for a full job description. 

Bezos Academy participates in E-Verify and will provide the federal government with employee Form I-9 Information to confirm authorization to work in the U.S. Bezos Academy only uses E-Verify once a candidate has accepted a job offer and completed the Form I-9. If E-Verify cannot confirm that an employee is authorized to work, Bezos Academy will give the employee written instructions and an opportunity to contact the Department of Homeland Security (DHS) or Social Security Administration (SSA) so the employee can begin to resolve the issue before any adverse employment action is taken. For more information about your right to work, please see the Notice of Right to Work.