Mistplay is looking for a talented Information Security, Privacy and Data Governance Lead to join Mistplay’s team. You will report to Mistplay’s General Counsel and Chief Privacy Officer while also working closely with Mistplay’s Chief Data and AI Officer and our Head of Engineering. This role is responsible for leading a cross-functional team charged with building and managing Mistplay’s Information Security, Privacy and Data Governance program and supporting the monitoring, reporting and mitigation of Mistplay’s information security and privacy risks.
What You'll Do:
Establish, maintain, and execute a comprehensive information security, privacy, and data governance program.
Develop, implement, and enforce information security, privacy and data governance standards, policies, procedures, and guidelines.
Lead, monitor and advise on the execution of various information security and privacy assessments, including, for example, periodic vulnerability and penetration testing, privacy impact assessments, and audits.
Provide regular management reporting to demonstrate measurable progress of the information security, privacy, and data governance programs.
Ensure continuous improvement to drive the effectiveness and maturity of the program.
Collaborate with business, data, and technology stakeholders to ensure that systems, processes, services, and data adhere to industry standard best practices for data security and privacy.
Determine the enterprise's specific privacy-related requirements and potential vulnerabilities.
Support the privacy impact assessment process in close collaboration with legal and business stakeholders.
Partner with the Operations, Data and Engineering teams to maintain a complete and accurate inventory of all non-public data including but not limited to the type of data & classification, where it is stored, how it is used, who can access it, how/where the data is routinely shared and how the data is secured/protected.
Partner with members of Legal team to ensure full alignment on all current and upcoming data privacy regulations, including our responsibilities and obligations.
Provide training, coaching and guidance across all stakeholders.
Knowledge of the privacy aspects of the application development life cycle, data handling and asset classification, and knowledge of the role of a privacy professional in ensuring that customer and employee data is properly managed.
Articulate the importance of customer privacy and promote privacy up and down the management chain, including audiences who have varying levels of familiarity with the topic.
What We're Looking For:
Bachelor’s degree in Computer Science, Management Information Systems, Engineering, or other relevant field; or equivalent combination of education and experience required.
5+ years of experience in Information Security or Information Risk project/program management, or comparable role.
Working knowledge of state, federal and international privacy laws, regulations, and industry best practices.
Experience with third-party assessments and cloud risk assessment methodologies.
Familiarity with some or all of the following types of tools: GRC, Data Privacy, Data Lineage & Data Loss Prevention.
Experience with GDPR, CCPA, SSAE18 SOC 2, ISO, NIST, PCI, SOX standards and compliance assessments.
Experience with cloud computing, online services, mobile applications, web and enterprise applications, and data analytics.
Ability to understand business process flows and to provide recommendations for operationalizing compliance requirements.
Experience with data discovery, data lineage, authorization and access management, and pseudonymization technologies.
Superior project management and time management skills.
Self-motivated, with the ability not only to work in group and individual settings but also to drive action and make decisions independently with little to no direction.
The ability to communicate effectively with people at all levels.
Must be a confident communicator and presenter.
Must possess excellent organizational and planning skills.
Strong interpersonal skills, written and verbal communication.
Bonus Points if you Come With:
Has knowledge of information security frameworks, best practices, and regulations (GDPR, PCI, NIST, ISO, …).
Possesses one or more relevant professional certifications (CISSP, SANS, CISM, or other).
Has demonstrated successful experience in a related area, such as security engineering or operations, management consulting, or management and has the ability to discuss and articulate more technical and complex security topics (in addition to risk management concepts and the process of risk assessments).
Has confidence in their expertise, but also knows who to look to for help. Achieving greater skill sets and expanding their understanding of security control techniques should be an on-going goal.
Understands they must gain experience in other areas of technical or operational engineering. Ongoing education to maintain their certs and challenge their expertise will motivate this person.
Understands workload management including understanding and seeking help prioritizing. They help others on the team that may need their leadership, but their leadership qualities enable them to also lead people outside of their team or department.
Is able to communicate reports to coworkers in any department, especially non-technical teammates, and help them understand proper information security controls.
They help coworkers figure out good security controls without compromising ethics or introducing unacceptable risk.
We work hard to make our work atmosphere as inviting and fun as possible! Working at Mistplay is coupled with a whole array of perks that we've adopted virtually and in-person: team lunches, game nights, company-wide events, and so much more.
Our culture is deeply rooted in growth and upheld by a team of smart, dynamic, and enthusiastic people. We utilize data to constantly learn, improve, and adapt. We foster an environment where everyone is encouraged to share their ideas, push boundaries, take calculated risks, and witness their visions come to life.
Think you have what it takes? We'd love to meet you!