We are looking for a Director of Security and IT to join the MyFitnessPal team. Our users rely on MyFitnessPal to power their health and fitness journeys every day. As a leader within the MyFitnessPal team, you’ll have the opportunity to positively impact those users with your expertise in securing the people, systems, and processes that drive the MyFitnessPal ecosystem. In addition to technical expertise, you’ll find that your teammates value collaboration, mentorship, and inclusive environments.
MyFitnessPal has offices in San Francisco, CA and Austin, TX. For this position, we are open to candidates that are remote in the United States.
What you'll be doing:
You’ll lead our Security and IT programs. Your focus will be on Security, but you’ll also carry responsibility for IT needs of our 150-person and growing business. You’ll work closely with Engineering and Product to strengthen, grow and evangelize effective IT and information security programs enterprise wide.
You’ll lead a team of subject matter experts on information security, and will increase information integrity, confidentiality and availability through the integration of security policies, security awareness, access controls, environmental controls, and the implementation of security-related technology. You’ll also lead a small-but-effective IT team of both in-house and outsourced talent, building and growing an IT services roadmap that focuses on managing cloud business services, office networking infrastructure, and employee hardware, measured by delivery at high service levels.
Qualifications to be successful in this role:
- Build up your team, and help other teammates, grow through mentorship and coaching
- Willingness to take ownership and responsibility for your team and their work
- Enterprise information security leadership, hands-on experience, and the ability to be a hands-on leader
- Built an information security program or grown an existing one
- Ability to work across multiple teams including Product, Engineering, Business Support, Legal, and Executive Leadership, getting buy in from each division with respect to the security program
- Industry knowledge of border testing, security policies, remediation strategies and risk assessments.
- Implemented and/or managed security information and event management solutions (SIEM), experience performing security incident response and/or investigation
- Understanding of, and experience in developing mitigation strategies to combat the risks associated with, current and emerging threats, vulnerabilities, and attack vectors used to compromise enterprise and critical infrastructure
- Experience with placement of security services such as firewalls, IDS/IPS, and content filtering
- Experience with data protection & archiving, disaster recovery, business continuity and implementation
- Experience with tools including: Vulnerability scanners, Endpoint protection, IPS/IDS, SIEM, Malware
- Ability to create documentation that describes technical details to a non-technical audience
- Knowledge of industry best practices from organizations such as International Standards Organization (ISO), Center for Internet Security (CIS) and National Institute of Standards (NIST)
- Strong knowledge of IT controls, including security concepts and terminology related to applications, databases, operating systems, and IT operations
- Strong understanding of privacy issues (e.g. GDPR, CCPA, COPPA) and experience with implementing and assessing compliance for information security and cyber security with respect to web and integrated mobile apps
- Ability & desire to learn new product lines and technologies quickly & efficiently
- Proven project management and organizational skills, specifically managing multiple concurrent projects
- Broad understanding of cloud computing, modern IT architectures, and IT delivery models
- Knowledge of JIRA is a plus
- Education and/or certifications equivalent to BS in Computer Science or IS related field, CCNA, MCITP/MCSE, CCSP, Security+, CISSP, CISA, CISM, SANS, or vendor-specific certifications
Please consider applying even if you don’t meet 100% of the qualifications. Research shows you can still be considered for a position if you meet some of the requirements. At MyFitnessPal, we’re building a fitness product for everyone and believe our team should reflect that. We encourage people of different backgrounds, experiences, abilities and perspectives to apply.