Information Security Manager Linden Lab
Responsible for the company-wide information security program that is intended to safeguard customer information and to address applicable Federal and State regulatory requirements, as well as technical and procedural best practices. Develop or enhance administrative, technical, and physical safeguarding controls using a risk-based approach. Assist with managing third-party relationships with regard to protection of customer information. Assist with company-wide business continuity planning, disaster recovery processes, and incident response procedures. Perform periodic security analyses and report findings to senior management.
1. Conduct a risk assessment to identify existing and reasonably foreseeable security and privacy risks.
2. Collaborate with different teams to help develop and/or maintain administrative, technical, and physical safeguards used by Linden Lab to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle customer information.
3. Work with technical security personnel and different engineering teams to identify and report on specific security risk issues in depth.
4. Assess internal network and security architectures as they relate to managing identities and access privileges, delegated administration models, workflow and access control models.
5. Assist in evaluating and establishing third-party relationships or service providers, including the review of contract language for customer information implications.
6. Develop a company-wide Information Security Program that addresses the company's administrative, technical, and physical safeguards and any mitigating controls intended to protect customer information.
7. Evaluate and adjust the information security program periodically and in light of relevant circumstances and changes in the business.
8. Assist with formalizing the company's plan to address business continuity planning and disaster recovery.
9. Assist with formalizing incident response procedures that adhere to applicable laws and regulations.
10. Conduct formal and systematic security reviews of the company's security controls and work with the stakeholders to address deficiencies.
11. Assist with analyzing existing procedures and practices to determine compliance with applicable rules and regulations, including areas related to GLBA, FTC, and MSB/MT requirements.
12. Assist with coordinating external audits or reviews related to security, PCI, and vendor management.
13. Document results of security risk analyses and formally present to senior management.
14. Develop and maintain a security awareness training program and ensure that training is delivered (at least annually) to applicable employees.
15. Perform other duties as assigned by supervisor.
Bachelor's degree or equivalent academic training and experience.
At least 6 years of security compliance or information security management.
Knowledge, Skills, and Abilities:
Prior experience in security risk assessment, security governance, management, and
Knowledge of both electronic and non-electronic information security risk management.
Audit experience in the area of security controls.
Ability to identify and effectively manage security issues.
Excellent written and verbal communication skills.
Extremely organized and detail oriented.
Exceptional sound judgment skills.
Ability to multi-task in a fast-paced, changing environment.
Willingness to learn and apply new skills.
IT security certifications (e.g., CISA, CISM, CISSP) are a plus.
Experience managing security in a production Unix/Linux environment is a plus.
Physical Demands & Work Environment:
While performing the duties of this job, the employee is regularly required to use the computer and communicate with colleagues and managers in an office environment. The employee frequently is required to stand or sit to complete work.
1100 Sansome Street
San Francisco, CA 94111