Internship opportunities

Wednesday, September 14, 2011

Director of Information Security

Job Description:
Responsibilities:

Department Overview
Information Risk Management (IRM) at Yahoo is responsible for all aspects of Information Security and is centralized to meet that goal. With a broad range of requirements, IRM is broken down into five main functions: Threat Response, Strategy and Planning, Infrastructure Resiliency, Product Security, and Security Management. Yahoo’s Information Risk Management group consists of experts in many fields to ensure that Yahoo’s data and technical resources are protected and available.
As the Director of International Paranoids, you will lead a team to design and implement controls to mitigate the threats that Yahoo and our customers face. Your team will drive security process maturity across the international company locations to ensure security is included in all relevant processes.

Overview of tasks
This position will be in the Security Governance team in Information Risk Management within SE&O
Developing controls to mitigate threats for the entire company
Driving projects to implement needed controls to mitigate the threats
Participating, via governance, in ongoing projects of security importance
Developing and driving security standards across the company
Designing and implementing mature process hooks into company processes to ensure risk is identified, remediated and/or accepted
Assisting in the overall IRM implementation of a mature risk model and driving it into roles and responsibilities within your group
Assisting with and driving an ongoing companywide communications program to promote the concept of security awareness
Assisting in facilitating compliance with established IRM policies, procedures and security controls

Requirements:
10+ years of information security experience
5+ years of experience as a leader of security organizations
Bachelor's degree, preferably in Computer Science
Significant experience with security regulations in compliance legislation and other directives including PCI, Sarbanes-Oxley, ISO 27001 and OWASP
Excellent experience in various risk and control models and demonstrated capability in implementing them in a large enterprise environment
Demonstrated experience performing general security risk assessments at the business unit or department level.
Solid working knowledge of networking technology and tools, firewalls and proxies
Excellent technical writing and presentation skills
CISSP, CIMP, SANS desirable


If you are interested, please send your CV, including your name and the position you are applying for in the subject line, to sea-jobs@yahoo-inc.com.
