Mitek (NASDAQ: MITK) is a global leader in digital & biometric identity authentication, fraud prevention, and mobile deposit solutions. Our verified identity platform and advanced image capture solutions are built on the latest advancements in biometric recognition, artificial intelligence, computer vision and machine learning, and trusted by over 7,500 organizations worldwide. We are headquartered in San Diego, California, with operations in the United Kingdom, Spain, France, Mexico, and the Netherlands. Visit us at www.miteksystems.com.
At Mitek, we believe that teams are stronger and more innovative when they have the range of opinions and perspectives that come from diversity. Very simply, we know that diversity is a foundational strength for our organization. A diverse workforce makes for stronger teams as a wider breadth of thinking and experience broadens the power of our collective mind. Building stronger teams is foundational to serving our customers comprehensively, innovating our products and solutions, and enabling more impactful decision-making across our business.
We are Virtual 1st! Whether you choose to work remotely from your home office or in-person from one of Mitek’s offices, our practices, processes and tools are designed to enable your success. At Mitek, the Future of Work is about flexibility and preference wherever and whenever we are working.
The Director, Information Security is responsible for Mitek's Security posturing and works closely with cross functional teams across the business to provide security technology strategy, architecture leadership, and direction to Mitek’s product and corporate enterprises. The candidate will be responsible for building and designing security strategy, growing the capability model, and framework to keep Mitek’s products and infrastructure secure, in support of Mitek’s business strategies and processes. This role is a hybrid position focusing on strategy, planning, and execution.
What you'll do (Core Responsibilities):
- Develop and maintain IT Security Strategy, Standards, and Roadmap for cloud on-premises products, and internal corporate infrastructure.
- Define the principles that guide security technology decisions and tradeoffs for the enterprise.
- Lead or consult on security architecture implementation activities for new/existing shared security solutions. Work closely with Product, IT, Engineering, Cloud Operations, and Compliance to define effective security technology architecture, controls and roadmaps.
- Facilitate the evaluation and selection of security technologies and product standards, and the design of standard configurations/implementation patterns for security solutions.
- Maintain Security Roadmap and Portfolio projects to deliver on IT Security Strategy.
- Articulate the security strategies, architecture, and roadmaps to various stakeholders in the Organization.
- Analyze enterprise business context/needs (trends and business strategy) to derive security program architecture.
- Research emerging security technologies and trends to support the security program.
- Analyze the current technology environment to detect critical deficiencies and work with stakeholders to implement solutions.
- Conduct product design & architecture reviews with product managers and engineering teams.
- Manage and evaluate vulnerability assessments on infrastructure and testing (SAST, DAST) on company’s products and provide recommendations for improvements.
- Conduct vendor assessments for supply chain security.
- Oversee external pen testing engagements and remediation coordination.
- Respond to audit and security questions from internal and external partners. (ISO, SOX, NIST, SOC2, PCI, etc.).
- Coordinate investigation of significant security incidents and provide thorough post-event analyses.
- Review system security measures and implement necessary enhancements.
- Verify security systems by interviewing and auditing defined controls and technology.
Who you are (Soft Skills and Attributes):
- Exceptional interpersonal skills in areas such as teamwork, facilitation and negotiation along with demonstrated ability to communicate effectively and influence technology decisions at all levels (senior management & leaders to technical contributors & staff)
- Comfortable working on a multi-functional team with Product Managers, Engineering, Customer support &IT
What You'll Need (Knowledge, Skills, and Abilities):
- Bachelor's degree in Computer Science, IT, or a related field
- Knowledge and skills typically associated with 12+ years’ experience in IT risk management and information security.
- Strong experience with mid-sized global enterprises with large geographical topologies
- Excellent understanding & ability to develop and articulate a vision for security domain and understand short-term and long-term ("big picture") strategy
- Strong track record of designing security architecture for complex solutions and ability to deliver results through partnering with stakeholders
- High level understanding of the security landscape, such as: Audit and Monitoring, Risk Response & Recovery, Cryptography, Malicious Code, Computer Operations Security, IAM, Vulnerability assessments, Network Security, End-point Client security (Fixed and Mobile), Investigation & Ethics
- Solid understanding of Cloud Architectures (e.g., SaaS, PaaS, IaaS) and the ability to address the unique security considerations of secure Cloud computing
- Strong Knowledge of IS and Privacy Frameworks/standards such as SSAE16 Type II, Safe Harbor, ISO/IEC 2700x series, NIST 800-53, COBIT, HITRUST, HIPAA, PCI etc.
- Knowledge of tooling requirements for SIEM, IDS/IPS, Firewalls, VPNs and endpoint protection.
- Should have advanced understanding of security/compliance standards SOC, ISO, PCI-DSS, Fed Ramp, NIST, CIS etc.
- Good understanding of Azure and AWS security.
- Understanding of Linux security considerations.
- Knowledge of containers and container orchestration security considerations. Able to apply knowledge of financial models and cost-benefit analysis for efficiency of security tooling purchases
What Would be Nice (Preferred Qualifications):
- Certifications preferred (CEH, CISSP, CISA)
- Azure and AWS security
$160,000 - $212,000 a year