Head of Corporate Information Security

(Menlo Park, CA)

Facebook's mission is to give people the power to share, and make the world more open and connected. Through our growing family of apps and services, we're building a different kind of company that helps billions of people around the world connect and share what matters most to them. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to make the world more open and accessible. Connecting the world takes every one of us—and we're just getting started.

As a global company that is unique in the world, Facebook faces a unique set threats to its corporate infrastructure. From nation states to financial threat actors, Facebook has to defend itself from a variety of actors who try to take advantage of our employees to compromise the environment. With nearly 20k employees and contractors across the globe, our corporate infrastructure is a critical part of helping us move fast and we work hard to ensure that our employees can move fast securely. The Head of Corporate Information Security will be responsible for leading a team that helps protect Facebook against the variety of threats to Facebook's corporate infrastructure. As a successful candidate, you will take a strong leadership role in the challenge to drive security in a company that prides itself on it's ability to move fast. You will be able to build, grow, and motivate a high performing team that is bold, innovative, and technically skilled. You will be an effective communicator regardless of audience or medium; able to explain complex security issues and articulate the threat model for Facebook's corporate environment. You will be a sound decision maker and rationalize between difficult choices on technical merit and real world risks.


  • Lead a team of security engineers researching, developing, and supporting company-wide security capabilities, especially those dealing with endpoint, mobile, and corporate infrastructure services (e.g. database, email, cloud services, directory services)
  • Develop and maintain a threat model for Facebook's corporate infrastructure
  • Collaborate with internal stakeholders to define and drive the security agenda for Facebook's corporate information security program
  • Partner with leaders across the company, especially those in Facebook's IT team, to ensure that corporate information security efforts receive appropriate prioritization and resources
  • Take a leadership role in working across the company on security projects and provide security guidance on a constant stream of new projects and technologies
  • Develop and maintain metrics to measure Facebook's security posture within the corporate environment
  • Regularly provide the CSO, CIO and CFO with useful measurements of corporate security risks and an action plan to mitigate
  • Develop and maintain security control frameworks/guidelines to ensure consistent application of technical security controls for all corporate infrastructure
  • Support key information security efforts in the corporate space including, but not limited to, authentication, authorization, security configuration management, vulnerability management, PKI, and cryptography

Minimum Qualifications

  • 10+ years of relevant work experience, including hands-on technical management, experience developing and leading large corporate information security programs, and proven ability to contribute at both strategic and operational levels
  • B.S. or M.S. Computer Science or related field, or equivalent experience
  • Demonstrated ability to recruit and manage technical teams, including performance management
  • Must be able to develop and communicate information security strategies and architectures
  • Demonstrated ability on building solutions for a corporate culture such as Facebook's
  • Ability to translate technical concepts into language for audiences, including software engineers, business and technical leaders and external security community members and press
  • Experience in host, network and application security
  • Knowledge of attacker lifecycles and strategies to inhibit attacker activity
  • Demonstrated experience developing, evangelizing, and managing a security vision in partnership with end-users and key stakeholders throughout the organization
  • Familiarity with control frameworks such as ISO 27001/2, NIST Cybersecurity Framework, and Center for Internet Security Controls for Effective Cyber Defense

Meet Some of Facebook's Employees

Peipei Z.

Manager, Global Client Solutions

Peipei helps Facebook’s top clients devise solution-based and results-driven social media strategies. She creates strategic partnerships to help people and brands connect in a more meaningful way.

Cristina T.

Sr. Manager, WhatsApp Customer Support & Localization

Cristina manages the WhatsApp customer experience, translating the application into multiple languages and troubleshooting communication services worldwide.

Back to top