Head of Information Security
Quizlet’s mission is to help students (and their teachers) practice and master whatever they are learning. Every month more than 50 million active learners from 130 countries practice and master more than 300 million study sets on every conceivable topic and subject. We are developing new learning experiences by modeling how students learn and by drawing upon knowledge acquisition, retention, and pedagogy in cognitive science. We are always seeking to help students master any subject by optimizing study efficiency and engagement.
To learn effectively, Quizlet’s users need to trust that their personal information is protected. To that end, Quizlet seeks an experienced leader to join and lead our Information Security team. Situated within Quizlet’s diverse Engineering team, the Head of Information Security (HOIS) partners across all aspects and organizational levels of Quizlet to implement and drive a secure and private experience for all our users. Working within the Player/Coach and Servant/Leader models, Quizlet’s HOIS will be driving change across the organization by affecting both the bits and the culture.
Quizlet is a leading company in consumer learning technology with proven traction and huge growth ahead. Our business model is robust with two strong revenue streams — advertisements and paid subscriptions. Our ads business allows us to offer amazing study tools to millions of students around the globe for free. Our premium subscriptions give students and teachers the ability to create custom content and access learning analytics tools. Come help us scale one of the fastest growing and highest quality consumer learning brands, as we develop innovative simple-to-use study tools that help students everywhere.
The Head of Information Security (HOIS) is responsible for protecting Quizlet and Quizlet’s users by ensuring the Confidentiality, Integrity, and Availability (CIA) of Quizlet’s digital assets.
- Digital assets are the users’ data, partner data, and intellectual property as contained within or accessible by Quizlet’s Corporate and Product technological footprints.
- Digital assets are confidential when they are accessible (read or write) only to authorized parties, either users or employees.
- Digital assets have integrity when confidence is high that assets as read by an authorized party are exactly as written by an authorized party.
- Digital assets are available when they are accessible to all authorized parties within an agreed-upon SLO, and when innovation (product or corporate) related to such access can occur within an agreed-upon SLO.
To meet these responsibilities, HOIS is expected to:
- Partner and align with stakeholders to drive tradeoff decisions among technical risks and business velocity.
- Drive technical implementation by directly implementing mitigations, coordinating implementation of mitigations with other teams, and providing primitives to other teams to enable their development to be secure by default.
- Own and curate Quizlet’s technical security roadmap and steady-state penetration and vulnerability programs.
- Partner with stakeholders to provide security visibility into production systems.
- Foster a company-wide security culture through training and socialization of best practices.
- Own and support policies and procedures surrounding appropriate access to digital assets.
- Align with established Behavioral Norms for all engineering managers.
- Align with established Roles and Responsibilities for product engineering managers, and call out when those Roles and Responsibilities don’t align with InfoSec needs.
- HOIS is not responsible for Physical Security.
5+ years of experience as owner of an information security program & team(s) in a growing hosted Services company.
Qualifications are described below, next to the plan for evaluation.
- Growing and managing teams, coaching and developing engineers.
- Testing and directly mitigating against common application security issues such as the OWASP Top 10.
- Specific experience in application or cloud security.
- Authoring or contributing to information security documentation and policies.
- Working within one or more public cloud providers (GCP, AWS, Azure, Alibaba).
- Collaborating and building strong working relationships with internal stakeholder teams.
- Explaining technical concepts clearly and concisely to engineers and non-engineers.
- Owning, building and scaling a well rounded, cross-functional security program.
- Organizational and project management skills.
- Experience in a UGC (user-generated content) environment.
Quizlet's Team Culture
We are here to make education better and more accessible. We strive to improve the lives of students and teachers at every stage and in every setting. We have a bias for action, take initiative, and hustle to deliver results. We make informed decisions whenever possible but are unafraid to take calculated risks on great ideas to promote learning. We embrace challenges and see effort as the path to mastery. We’re constantly seeking opportunities to learn and we embrace curiosity. Quality matters at Quizlet, and we hold the bar high on everything we do. We sweat the details and take personal accountability and pride in anything that carries the Quizlet name. We speak up, jump in and work with each other to fix problems, and never say "that's not my job." We treat each other with honesty and respect, encourage vigorous debate, and seek critical feedback. We value diversity, humility, transparency, and collaboration as the best paths to our success — as individuals, as a team, and as a company.
Quizlet’s success as an online learning community depends on a strong commitment to diversity, equity and inclusion. We are actively working to build a team that is representative of the diverse communities we serve, and an open, inclusive work environment where all employees can thrive. As an equal opportunity employer and a tech company committed to societal change, we welcome applicants from all backgrounds. Women, people of color, members of the LGBTQ+ community, individuals with disabilities, and veterans are strongly encouraged to apply. Come join us!