Vice President Information Security
Arlington, VA, United States
At Hobsons, education is more than just our business; it’s our passion. Since 1974, we have been helping educators, administrators, students, and families maximize success through every stage of the learning lifecycle. Hobsons’ personalized learning, academic planning, post-secondary enrollment, and student support solutions serve millions of students across more than 12,000 schools, colleges, and universities around the globe.
Vice President of Information Security
The Vice President of Information Security is responsible for the overall Hobsons security program including information assets and associated technology, applications, systems, infrastructure and processes to adequately protect the digital ecosystem in which we operate. This role has responsibility for all data/information security policies, standards and organizational awareness to protect both customer student information and the enterprise.
The VP of Information Security will also work closely with our parent company DMGT CISO, DMGT Privacy Officer and Legal team to ensure that security controls effectuate the organization's data policies. This role will work with multiple stakeholders including product, engineering, sales, customers, contract review, finance, and the senior leadership team in the development and implementation of the security strategy.
The VP of Information Security must be a visionary leader with sound knowledge of business management. He or she should have a detailed knowledge of cybersecurity technologies and the cyberthreat landscape to ensure the achievement of business outcomes.
This position will be located in: Arlington, VA (DC Metro area)
- Manage the top-to-bottom product/software & data systems security roadmap which covers all application/architecture security design as well as all tools/services used by Hobsons.
- Work with developers and architects to ensure security is appropriately built into product development and testing methodologies.
- Calibrate and manage a monthly overall risk assessment and analysis report for senior management.
- Lead the annual SSAE-16/18 SOC II examination and internal DMGT audit activities.
- Maintain and publish corporate governance including security policies, incident response policies, procedures and protocols.
- Continuously evolve tools and vendors to ensure appropriate levels of security are achieved for the business.
- Manage and coordinate a comprehensive system patching program across teams.
- Continuously update and manage a security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this program.
- Manage and contain relevant information security incidents and events to protect customer data, corporate assets, intellectual property, and regulated data.
- Perform ethical testing and social engineering vulnerability analysis and process design to harden the enterprise.
- Manage a comprehensive DR/BCP program to ensure the resilience of the business.
- Collaborate with sales and contract management to respond to customer inquiries, questionnaires and review contract terms.
- Build out a security automation strategy to streamline event monitoring and processes.
- Coordinate with 3rd party vendors to review platforms for compliance with security controls.
- Collaborate with finance to manage the security budget.
- Manage the security organization, consisting of direct reports and dotted line reports including hiring, training, staff development, and performance management.
- Facilitate a metrics and maturity-based reporting framework to measure the efficiency and effectiveness of the security program.
- Monitor the external environment for emerging threats and advise relevant stakeholders on appropriate courses of action.
- Minimum of seven to 10 years of experience and increased responsibility in security, risk management, and IT roles.
- Experience with incident preparation and response working with multiple stakeholders including legal.
- Experience securing cloud based and hybrid SaaS products across multiple development frameworks and database technologies.
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs in a dynamic and fast paced technology company.
- An ability to manage multiple competing priorities, effectively executing a security roadmap while balancing against product delivery goals.
- Sound knowledge of information security risk management and cybersecurity technologies.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53, BSIMM and Cybersecurity Framework.
- Experience leading SSAE-16/18 SOC II Type II examinations a plus.
- Excellent written and verbal communication, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences, ranging from board members to technical specialists.
- Use of open source security tools and familiarity with all regular assessments and status of open source software.
- Demonstrated understanding of technological trends and developments in the areas of information security, risk management, web architectures, and cloud computing.
- Poise and ability to act calmly and competently in high-pressure situations.
- Project management skills: financial/budget management, scheduling and resource management.
- Experience with contract management and vendor negotiations.
- Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines may exist.
- High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
Hobsons recognizes the importance of taking care of our most valuable assets – our employees. That’s why we not only offer a comprehensive total rewards package but also continuously evaluate our offerings to meet the evolving needs of our workforce.
Benefits Include (but may vary depending on location):
- Affordable and Competitive Medical, Dental and Vision Insurance Plans
- 401(k) Plan with Match
- Flexible PTO offering for all Exempt roles
- Substantial time off for all Non-Exempt roles, including Floating Holidays and Premium Days for Volunteering, Personal Wellness and/or School Conferences/Visits
- Education/Tuition Reimbursement
- Life, AD&D, Short-term and Long-term Disability Insurance
- Flexible Spending Accounts (FSA)
- Voluntary Employee Programs: Legal Services, ID Theft & Credit Monitoring
Work-Life Balance & Culture
- Company Closes December 24th through January 1st as a Paid Holiday
- Generous Holiday Schedule
- Employee Referral Bonus Program
- Casual Dress Environment
- Flexible Work Arrangement Opportunities
- Global Fitness Program Membership Discounts
- Hobsons Annual Achievement Awards Event
- Employee Funded International Charity Programs
- Adopt A Class - Local Community Involvement
- Work Perks Discount Program
To view our comprehensive list of total rewards benefits, please visit www.hobsons.com/careers/why-work-here. To learn more about Hobsons, and our products: Naviance, Intersect, Starfish, visit our corporate web site at www.hobsons.com and follow us on LinkedIn, Facebook and Twitter.
Ability to document identity and employment eligibility within three (3) days of original appointment as a condition of employment in compliance with Immigration Reform and Control Act requirements.
Note: U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time.
Hobsons is an Equal Employment Opportunity (EEO) employer and welcomes all qualified applicants. Applicants will receive fair and impartial consideration without regard to race, sex, sexual orientation, gender identity, color, religion, national origin, age, disability, veteran status, or other legally protected status.