Manager, InfoSec Policy & Third Party Security

Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started.

The Manager of Information Security Policy and Third Party Security is a key member of the Facebook Security organization. The team is responsible for owning Facebook's Information Security policy framework along with the development, maintenance, and interpretation of our internal portfolio of Information Security policies. The team is also responsible for defining and maintaining Facebook's overall Information Security Third Party Security program to classify, assess, and report on broad, specific, and technical Information Security risks as they relate to our third parties. The team utilizes Facebook's technologies to approach third party security and policy awareness in novel ways such as through real-time policy awareness.
The person that fills this role has a passion for leading a team of technical security professionals. This role requires a mix of broad business and technical acumen with strong people-management skills, the ability to inspire and influence decisions around Information Security Policy and Third Party Security, and a polished ability to communicate with key senior executives, external third parties, and the public.


  • Understand technical implementation details necessary to assess general and situational Information Security risk
  • Support team's development and execution of:
  • - Strategic plans for Policy and Third Party Security management
  • - Action plans, schedules, budgets, status reports and metrics to support the Information Security Policy and Third Party Security programs at Facebook
  • - Mitigation plans relating to policy exceptions and Third Party Security risks
  • - Policies, procedures, guidelines, and plans to internal stakeholders
  • Lead, build, retain, and develop a team of Information Security professionals that are passionate about Information Security while empowering Facebook's rapid innovation and growth
  • B.S. in a technical discipline or equivalent experience
  • 8+ years of experience in Information Security
  • 5+ years of experience in people management and team leadership
  • Experience in Information Security policy development and Third Party Security at tech companies
  • Knowledge of Information Security strategy, practices, technologies, and tools
  • Demonstrated leadership experience with experience working and communicating at executive levels
  • Experience providing technical knowledge appropriate to delivery of essential security protections
  • Experience with applications, networks, and databases
  • Experience with security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
  • Understanding of Cloud technologies (e.g. SaaS, PaaS, IaaS)

Meet Some of Facebook's Employees

Lauren W.

Global Marketing Lead, Facebook Blueprint

As the marketing lead for Facebook’s Blueprint program, Lauren focuses on building awareness around the program and the adoption of education and training by businesses and advertisers.

Ariane J.

Software Engineer

Ariane works to improve Android performance for various Facebook products. She drives the entire tooling system and the way it should operate, and fixes logging and instrumentation APIs.

Back to top