• You will define the functional strategies and specific objectives around policies and procedures to support overall company security to assure the safety of physical and digital assets from internal and external threats.
• You will maintain and present documentation as it relates to cloud security operations, processes, standards, architectures, and provide guidance for security remediation to business and engineering partners by demonstrating real, practical risk and value.
• You will define the types of security education and training needed, partnering with HR to ensure compliance.
• You will champion Nerdy's security strategy collaborating with the organization's key partners to establish the vision ensuring the mitigation of risk and the protection of internal data, customer data, and intellectual property.
• You will drive oversight of all activities related to security compliance, focusing specifically on Information Security and Risk Management across departments
• You will mentor and inspire the security team to continually develop skills, capabilities and partnerships across the organization.
• You will represent the security posture to Nerdy's leadership team.
• You will stay abreast of current and emerging security threats and design security architecture to mitigate them.
• You will ensure alignment between security architecture frameworks and standards and overall business strategy.
• You will manage the Security and IT teams.

Required Qualifications:

• You bring 10+ years of security experience developing and leading company wide security, risk management, and other related programs.
• You bring a Bachelor's degree in computer science, engineering or equivalent required.
• You bring demonstrated success as a security leader in a consumer facing business of substantial scale and complexity.
• You bring an in-depth understanding of all related compliance issues in a consumer business to include Privacy, GDPR, CCPA, SOX, NIST, etc.
• You bring demonstrated understanding of the use of data and analytics in breach detection, monitoring and forensics of the security environment.
• You bring deep expertise in audit and assessment methodologies, procedures, and policies that relate to information networks, systems and applications.
• You bring strong verbal and written communication skills, especially in the areas of presentation and interaction with people at all levels across the organization.
• You bring an ability to inspire investment from the broader population of employees to ensure active participation and championing of key security initiatives.
• You bring a background in software engineering at product development companies, preferably SaaS or PaaS and experience in start-ups as well as larger enterprises.
• You bring experience with modern cloud infrastructure such as AWS and GCP
• You bring experience with automation to scale yourself and the team to identify, audit, and remediate.
• You bring decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one

Preferred Qualifications:

• CISA- Certified Information Systems Auditor (auditing, monitoring, and assessing IT and business systems).
• CISM - Certified Information Security Manager (affirms ability to assess risks, implement effective governance, and proactively respond to incidents).
• CRISC - Certified in Risk and Information Systems Control - IT risk management

NA