Chief Information Security Officer
Deluxe Entertainment
Burbank, CA
Full Time Job
The global leader in digital services and technology for content creation and delivery, Deluxe has been a trusted partner to Hollywood studios, independent filmmakers, TV networks, online content producers, brands, and anyone looking to bring stories and experiences to audiences, for more than 100 years.
Deluxe Creative companies house the world's top talent. Deluxe Delivery enables content creators and providers to get their content to the world – in any format. With headquarters in Los Angeles and New York, and operations in 25 key media markets worldwide, Deluxe relies on 8,000 of the industry's premier artists, experts, and innovators.
Our company values are:
• Be Pioneers – We innovate and push for boundless creativity through curiosity
• Pursue Diversity – Different views and experiences are advantages. Our global presence gives us perspectives that drive better business
• Act with Integrity – We are honest and forthright in our dealings. Building trust builds a better company
• Take Ownership – We are accountable for ourselves, our colleagues, our clients and our company
• Collaborate – Together we are stronger. We deliver more success through shared goals and mutual support
• Exceed Expectations – We understand our colleagues' and clients' needs and always exceed expectations
The Chief Information Security Officer is the highest-level executive dedicated to IT security and is responsible for Deluxe's development and enforcement of security policy and strategy. The CISO oversees and directs physical and information security programs and security efforts across the company, including information technology, personnel, communications, legal, intellectual and physical property, as well as the design and implementation of preventative security standards, procedures, and programs. They direct the investigation of security breaches and disciplinary actions related to internet and computer crimes, fraud, product tampering, product diversion, and physical safety of employees and visitors.
The Chief Information Security Officer is also responsible for establishing and enforcing policies and protocols that protect the organization's digital and physical assets, and leads the team of IT security professionals who investigate possible cyber-crime or data breaches and monitor information security risks.
• Review and approve security policies and controls, such as business continuity planning, loss prevention, identity and access management, fraud prevention, and privacy
• Oversee a network of security professionals and vendors who safeguard the company's assets, intellectual property and computer systems, as well as the physical safety of employees and visitors.
• Identify protection goals, objectives and metrics consistent with corporate strategic plan.
• Manage the development and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security. Physical protection responsibilities will include asset protection, access control systems, video surveillance, etc. Information protection responsibilities will include network security architecture, network access and monitoring, identity and access management policies, employee education and awareness, and more.
• Work with other executives to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.
• Maintain relationships with local, state and federal law enforcement and other related government agencies.
• Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
• Work with outside consultants as appropriate for independent security audits.
• Oversee safeguarding of intellectual property and computer systems.
• Develop risk management assessments.
• Identify and approve the selection and design of security systems, tools and devices.
• Ensures that disaster recovery and business continuity plans are in place and tested and are aligned with Customer Contracts.
• Ensures compliance with MPAA/CDSA content protection rules as well as individual customer physical and digital security requirements.
• Maintains and communicates the threat landscape for the industry and develops plans to address it.
• Develops and provides data driven reporting on security threats and incidents.
• Oversees and supports MPAA/CDSA audits of Deluxe and tracks and ensures resolutions of any findings.
• Reviews investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
• Maintains a current understanding of security standards and regulations and ensures compliance with changing laws and applicable regulations; translates that knowledge into identification of risks and actionable plans to protect the business.
• Schedules periodic security audits and penetration tests and tracks remediation of all issues identified.
• Ensures that security policies and procedures are communicated to all personnel and that compliance is enforced.
• Develops and oversees security training of employees.
• Manages all teams, employees, contractors and vendors involved in security.
• Provides training and mentoring to security team members
• Briefs the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget
• Communicates best practices and risks to all parts of the business.
• 15+ years of relevant work experience
• Mastery level understanding of information security concepts, principles and drivers
• Mastery level understanding of security, privacy, IT audit and legal security standards, guidelines and principles
• Understanding of MPAA content protection requirements
• Experience with Cloud services
• Mastery level understanding of information technology within a large, highly-distributed organization
• Strong understanding of state of the art security technology and technical concepts
• Demonstrated ability to leverage advanced knowledge of a business structure and components of a product or service to identify current state for a project or endeavor; Ability to analyze gaps caused by change initiatives and determine potential opportunities
• Experience conducting and/or coordinating technical security scanning, penetration testing, social engineering testing, application security testing, mobile device security analysis, network security analysis/operations
• Experience with enforcing secure coding practices, threat modeling, identity and access management, and/or security incident response/recovery
• Industry-recognized information security management certifications such as: Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) desired.
• Proficiency with common information security management frameworks
• Demonstrated ability to communicate effectively with stakeholders and customers regarding technical concepts
• Comprehensive understanding of strategic planning and program management
• High degree of personal integrity and ethics as well as a passion for securing data systems and networks
• Constantly striving for excellence using objective, transparent and agr