Senior Manager, Infrastructure Security

At Scribd (pronounced “scribbed”), our mission is to spark human curiosity. Join our team as we create a world of stories and knowledge, democratize the exchange of ideas and information, and empower collective expertise through our three products: Everand, Scribd, and Slideshare.

We support a culture where our employees can be real and be bold; where we debate and commit as we embrace plot twists; and where every employee is empowered to take action as we prioritize the customer.

Our flexible work benefit - Scribd Flex - enables employees, in partnership with their manager, to choose the daily work-style that best suits their individual needs. As an organization, we prioritize collaboration and intentional in-person moments to build culture and connection. For this reason, occasional in-person attendance is required for all Scribd employees, regardless of their location.

About the role

In the role of Senior Manager of Infrastructure Security, you will be a key player in shaping and executing the strategic direction for our Security department, influencing all aspects of our business. We are in search of a proactive, experienced Senior Manager of Security to supervise and implement our Security strategy, lead our Infrastructure Security team, and collaborate with our senior leadership to achieve our business goals.Reporting to our Director of Infrastructure, your responsibilities will include ensuring the integrity, robustness, and scalability of our Security Platforms, both developed in-house and procured, as our business continues to expand. You will also be tasked with identifying gaps in our security posture and implementing adequate controls to preserve the accuracy and integrity of our cloud-native systems. We are firm believers in doing things correctly with the appropriate tools, and this role will be crucial in propelling our collective vision forward.

Responsibilities

Strategic Leadership:• Develop and execute the strategic vision for the Infrastructure Security department• Advocate for Security’s importance in our organization, prioritize mitigating risk exposure, while endorsing technology to boost efficiencies and, where feasible, augment cost savings• Collaborate with Executive Management to align both strategic and tactical plans with business goals and priorities• Collaborate across multiple teams within Engineering including our Product and IT Security teams to manage the organizational Security vision and co-lead the maturation of our security posture

Governance and Metrics:• Establish an effective Infrastructure Security Governance function, prioritizing Security tasks and defining service-level agreements• Develop reporting and metrics to measure Security impact and value while ensuring compliance with regulatory requirements and internal policies

SaaS Infrastructure Management:• Design and implement an integrated security solution for cloud-native SaaS applications, ensuring their robustness and scalability• Evaluate and optimize solutions based on SaaS platforms, such as AWS, Datadog, and other security vendors

Security and Controls:• Ensure data accuracy and integrity, including the use of vulnerability tracking systems, to support timely and accurate business decisions, for the implementation of security measures to protect against cyber threats• Collaborate with our Engineering, IT, and Legal teams to mature our Security Platform and implement controls to meet regulatory requirements, including access control policies, vulnerability management, security training, PCI, and SOX

Operational Excellence:• Develop and implement Infrastructure Security operational processes, including improvements to change management and incident/service request management• Ensure the secure operation of infrastructure and application systems, including our cloud SaaS platform, with a focus on proactively addressing vulnerabilities and mitigating risks

Team Development:• Recruit, lead, and mentor a high-performing Infrastructure Security team, fostering growth and maturity within the department• Define roles, responsibilities, and team structure for the Infrastructure Security team• Operate within the Infrastructure Security budget constraints while optimizing resource allocation and assisting with license negotiations

Qualifications:

• 10+ years of progressive Engineering and Security experience, with 4+ years in a leadership role• Proven experience in developing an Infrastructure Security strategy, building Security teams in a SaaS environment, and implementing cybersecurity controls• Expertise with Infrastructure Security control Platforms, including defining and implementing Security controls such as access control policies, vulnerability management, security training, PCI, and SOX• Strong leadership skills, with excellent written and spoken communication abilities, enabling effective engagement with stakeholders at the Director, VP, and Executive levels• Proven ability in identifying and remediating security gaps and vulnerabilities, with a strong engineering background that enables a deep understanding of complex architectures and technologies• Experience in conducting security audits, bug detection, secure coding practices, and implementing proactive risk management strategies• Ability to articulate Security issues and recommendations in non-technical terms• Familiarity with Security governance such as NIST’s Cybersecurity Framework• Knowledge of project management and systems development methodologies, including waterfall and Agile approaches• Strong technical expertise in Security architecture, data integration, and networking infrastructure• Experience integrating and optimizing solutions based on cloud-native SaaS platforms, and proficiency in maintaining SaaS Infrastructure applications, including AWS, Datadog, GCP, and more• Strong team-building, organizational, and staff development skills• High degree of initiative and ability to make informed decisions based on industry best practices and standards