Director, Information Security

The Honest Company is currently seeking a Director, Information Security to guide the evolution of our security programs as we continue to experience dynamic company growth and expand our product offerings.

As our Director, Information Security, you will be responsible for maintaining a safe, secure, and compliant ecosystem for both employee and customer data. You’ll also direct Honest's security strategy to control our ability to detect and efficiently respond to threats. You’ll establish best practices, achieve supporting certifications, and monitor regulatory compliance. In a nutshell? You’ll work to earn and sustain customer trust and enable the business to take smart risks. 

What you’ll do:

  • Own and develop Honest Company's information security program, encompassing IT and employee technology systems (e.g. devices, applications), regulatory compliance, legal interactions for security, employee security awareness, employee identity, and corporate infrastructure security
  • Support cloud-hosted and local environments to ensure they meet strict regulatory guidelines and follow information security best practices
  • Develop, mentor and manage a team of information security professionals
  • Effectively add security into continuous monitoring/continuous deployment environments, collaborating closely with our DevOps team members
  • Manage PCI compliance initiative
  • Anticipate threats and address security incidents across production and corporate environments
  • Instill security best practices and awareness into Honest’s culture and business processes by leading training and educational programs

 You’ll love this job if you’re:

  • Articulate and approachable. You can clearly explain IT concepts to both technical and non-tech team members and stakeholders
  • Dedicated and fast moving. You’re known to operate with urgency, focus and discipline
  • A dynamite problem solver and project manager. You’re always thinking (at least) one step ahead
  • A talented juggler. You successfully manage competing priorities, and you make it look easy
  • A terrific teacher. Mentoring comes naturally -- you love helping people learn and grow
  • Adaptable and ambitious. You will enthusiastically take on other assignments as needed to support your team!

What you’ll need:

  • Bachelor’s degree in computer science or an engineering discipline
  • 10+ years of experience in Information Security
  • 4+ years in information security team management with people leadership experience
  • Specialization in one or more security areas such as encryption/key management, risk management, threat modeling, data loss prevention, security automation, public and private cloud security, or security architecture
  • Advanced understanding of foundational IT networking, operating systems, and application development
  • Extensive experience with PCI DSS and ITIL
  • Technical expertise securing complex environments, seeking remediation, and delegating actions through to completion
  • Knowledge of PCI, SOX, ISO27k, or other security frameworks
  • Demonstrated experience in the development and management of a comprehensive information security program
  • Solid track record of improving the security posture in a dynamic environment with diplomacy, earning the reputation as a valued business partner
  • Demonstrated success working with internal and external auditors, outside consultants, security researchers, and legal teams in a lead capacity

Bonus points for:

  • CISSP, CISM, & GIAC certifications

 

