Senior Director, Information Security

Collectors is the leading creator of innovative technology that provides value-added services for collectors worldwide. We grade, authenticate, vault and sell millions of record-setting collectibles, all while modernizing and digitalizing the process to further our mission of helping collectors pursue their passions. We’re always on the lookout for talented people to join our growing team. Our services span collectible coins, trading cards, Funko Pops!, video games, event tickets, autographs, and memorabilia. Our subsidiaries include PSA, PCGS, WATA, Card Ladder, and the Long Beach Expo collectibles trade show. Since our founding in 1986, we have graded and authenticated millions of items. We employ more than 1,700 people across our headquarters in Santa Ana and offices in Jersey City, Seattle, Canada, Hong Kong, Paris, Shanghai, and Tokyo.

We are seeking a highly experienced and strategic Senior Director of Information Security to join our team and lead the charge in safeguarding our organization’s technological assets. In this critical role, you will report directly to the CTO and be responsible for shaping and executing our comprehensive security strategy. You will oversee the design and implementation of robust security architectures, ensure compliance with industry standards, and supervise security operations. This is an opportunity to drive security excellence, influence strategic decisions, and lead a dynamic security team. If you are a visionary leader with a deep understanding of security practices and a passion for innovation, we invite you to apply and make a significant impact on our security landscape. 

This role is remote. Remote or hybrid candidates will be considered. We believe that there is significant value in in-person collaboration. If you live within a 1 hour commuting distance to one of our offices, you will be required to be onsite most of the time. This can be discussed further as part of the recruiting process.

What You’ll Do:

• Provide Strategic Leadership:
• Develop and drive a comprehensive security strategy aligned with the company’s business objectives and technology roadmap.
• Collaborate with the CTO and senior leaders to integrate security considerations into technology planning and decision-making processes.
• Provide expert guidance on emerging security threats and trends,  advocate for security best practices,  and champion security initiatives across the organization.
• Manage stakeholder relationships, acting as the primary point of contact for security-related issues and ensuring effective communication with all levels of the organization including technical SMEs, VPs, board members and non-technical stakeholders.
• Manage the cybersecurity budget, optimize resource allocation, and leverage cost-effective solutions, including open-source tools.
• Consult with our Privacy and Legal Team during security audits to ensure compliance. 
• Oversee Security Architecture/Engineering:
• Build, mentor, and lead a high-performing security team, fostering a culture of security awareness and continuous improvement.
• Oversee the design and implementation of robust security architectures for both on-premises and cloud-based environments.
• Ensure that security solutions and technologies enhance the company’s overall security posture and align with industry standards.
• Integrate security throughout the software development lifecycle and IT infrastructure, incorporating best practices and innovative approaches to strengthen security measures.
• Manage Governance, Risk, and Compliance (GRC):
• Formulate and enforce security policies, procedures, and standards that adhere to industry best practices and regulatory requirements.
• Identify, assess, and mitigate security risks across the organization, ensuring alignment with relevant laws and regulations (e.g., GDPR, CCPA, ISO 27001).
• Coordinate internal and external audits, manage compliance initiatives, and oversee remediation efforts to address audit findings and compliance gaps.
• Lead Security Operations and Incident Response:
• Lead the development and automation of incident response playbooks and runbooks to enhance operational efficiency and minimize manual efforts.Be an escalation point and ensure effective monitoring, detection, and response to security incidents.
• Oversee processes for threat detection, vulnerability management, and incident response, ensuring swift and effective resolution of security issues.

Who You Are:

• 10+ years in security leadership, providing a blend of strategic leadership, architectural leadership and hands-on expertise as a Security Architect or Security Engineering Manager.
• 5+ years of experience working with public clouds (AWS-preferred, Azure, GCP) and infrastructure security. DevOps experience is a plus (Terraform, Kubernetes, etc.).
• Experience in building, mentoring, and leading security teams, promoting a culture of security awareness.
• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other relevant information security certifications are a plus.
• Strong understanding of network and system security technology and practices, including firewalls, intrusion detection systems, anti-virus software, data encryption, and other industry-standard techniques and practices.
• Experience with risk management methodologies and ensuring compliance with laws and regulations such ISO 27001, NIST, SOC 2, HIPAA, GDPR, etc. Experience with international data protection laws for global organizations is a plus.
• Experience managing internal and external audits, coordinating compliance initiatives, and overseeing remediation efforts.
• Experience with emerging technologies such as AI and machine learning in the context of enhancing security postures.
• Proven ability to enhance operational efficiency in monitoring, detection, and response to security threats. Demonstrated experience in incident response and digital forensics.
• Demonstrated experience managing relationships with a range of stakeholders, from technical experts to senior leaders to board members.
• Strong communication and interpersonal skills, capable of effectively articulating complex security risks and controls to stakeholders, including cross-functional and non-technical partners.

The salary range for this position is $220,000-$320,000. Actual compensation on this range varies based on a variety of non-discriminatory factors, including location, job level, experience, and skill set. This role may be eligible for bonuses, commissions, or other forms of compensation, please ask your recruiter for details.

Reasons To Join Us:

• Health Insurance: All full-time employees are eligible to enroll in Medical, Dental, and Vision
• Additional Benefits: Full-time employees are eligible for fertility, commuter, and educational assistance benefits.
• 401(K) Matching Plan: We are proud to offer a competitive 401k matching plan to our employees to support their future financial goals
• Vacation: All salaried employees are eligible for flexible time-off
• Holiday Pay: All regular, full-time employees are eligible for ten company paid holidays
• Employee Discounts: Employees receive discounts on select grading services for approved submissions
• Flexible Hours: Many of our teams offer flexible schedules with varying shifts and will work with you to accommodate your needs
• Fun Working Environment: Our team members are invited to participate in celebrations, holiday events, and team building activities

Candidates must be authorized to work in the United States. 

This role is open to visa sponsorship. If you require sponsorship, please let your recruiter know during the initial phone screen.

Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. 

 #LI-remote