Brightcove is revolutionizing the way organizations deliver video experiences. We are passionate about online video, and day in and day out we help our customers focus on using video to move their business in meaningful ways, whether that's in broadcasting or publishing, marketing, or enterprise communications. We do this through continuous technical innovation, nurturing a broad video-centric ecosystem, and by being a true partner to our customers. Video moves us and it moves our customers, thousands of them in over 70 countries.
As the Head of Business Information Security at Brightcove, you'll play an instrumental role in ensuring best practices in systems, software, people and processes in the information security function at Brightcove. This role demands a broad understanding of security risk analysis and audit, security controls across physical, staff, tech, and business domains. The ideal candidate will have deep expertise in one or more of these areas. This role offers a unique opportunity for a dynamic individual to help us continue to build and operate a world class security program.
This multi-functional role collaborates with Engineering, IT, Operations, Legal and Sales, touching on all areas of our security operations and compliance, including information security, change management policy and implementation, as well as spearheading customer compliance / due-diligence requirements. You will establish, administer and communicate the overall strategies and procedures for the business security function. You will also evaluate risk on a continual basis and promote security awareness within the organization.
More specifically, you will:
- Be the voice of Brightcove and its security operations in discussions with customers and vendors
- Produce internal and customer facing vulnerability and risk assessment documentation
- Evaluate and assess third party security risks for vendors, partners and subcontractors
- Provide business and technical advice on a wide variety of IT risk issues, concerns, and problems, making sure all business processes incorporate adequate information security
- Develop and communicate security and compliance requirements to Information Services and key business partners.
- Engage with customers and prospects regarding security during the RFI, vendor assessment processes or periodic security audits
- Interpret, implement and maintain information security policies and standards specific to the business
- Monitor current and proposed laws, regulations, industry standards and ethical requirements related to IT risk, privacy, and information security
- Demonstrated personal integrity, the ability to professionally handle confidential matters and exhibit the appropriate level of judgment and decision making commensurate with the position and responsibilities
- Work with Security Engineering to drive the adoption of core security services (PKI, Identity, Key Management, Detection and Response, and Vulnerability Management)
- Be a technical leader in periodic information systems and applications risk assessments
- Obtain relevant organizational security certifications, e.g. Service Organization Control (SOC2), Digital Production Partnership (DPP) Committed to Security, Trusted Partner Network (TPN)
- Improve the Business Continuity Plan (BCP) in collaboration with teams across the organization and establish periodic testing and reviews
- 8-12+ years experience working in a security focused role in the technology or other technology heavy industry; 5+ years experience in management positions
- Bachelor's degree in Computer Science, Information Systems, Engineering or a related discipline is preferred
- Strong understanding of IT risk, information security fundamentals, defense-in-depth practices, IT risk assessment fundamentals and risk management practices
- Strong executive presence and ability to engage with external customers and internal stakeholders
- Solid understanding of security frameworks (e.g. CIS, NIST)
- Good understanding of SSO, PKI, Secure Software Development practices, penetration testing, vulnerability scanning, static and dynamic code analysis
- Tool knowledge of JIRA, Loopio, Salesforce, cloud based threat management and detection tools is a plus
- Knowledge of GDPR, CCPA
- Knowledge of video security features like DRM is a plus
- Past experience establishing information security policies and practices is a plus
- Strong executive presence and ability to engage with customers regarding security (e.g. Executive Briefings and incident communications)
- InfoSec certification such as CISSP or CISM preferred
Working at Brightcove:
As the undisputed global leader in powering premium video for our customers, Brightcove recruits and retains highly qualified and motivated individuals, creating an environment where people can innovate and achieve their best, and we reward them for their performance by giving them the opportunity to share in the company's success. We offer competitive compensation, stock options, 401k matching, and tuition reimbursement, as well as unlimited PTO - and we expect you to use it!
This role is based in our Boston office, which is located downtown, right on Fort Point harbor. The office has an open yet focused working space layout with beautiful water views. Employees enjoy access to fully-stocked kitchens and social activities including: happy hours, trivia and movie nights, ping pong tournaments, and philanthropy events.
If you've gotten all the way to the bottom of this description, thank you for your interest in Brightcove! If this role sounds like something that is exciting to you please don't hesitate to apply, even if you don't meet all of our qualifications. We recognize that no candidate is perfect and Brightcove would love to have the chance to get to know you.
Send us your resume if you are interested and want to learn more!