Dir, Information Security Engineering & Operations, Golf Entertainment Business
Callaway Golf
Dallas, Texas, United States
Job Description
Callaway Golf Company is a leader in total performance, premium golf equipment and active lifestyle products while also being a great place to work! We are passionate and push the limits of innovation. We dare to be great while acting with integrity and respect. We stay hungry, yet humble. All while having fun and making golf enjoyable for everyone!
Our company is a blend of experience and diverse backgrounds, and our leaders have a strong history of building and selling successful initiatives. We are working to build a truly groundbreaking company, and we want top-notch people to join us in that mission.
ROLES AND RESPONSIBILITIES
- Manage and oversee a global team of security engineers and analysts to deliver projects to execute against the company’s cybersecurity strategy.
- Develop overall cybersecurity strategy in coordination with the Sr. Director of Global Information Security and Sr. VP of Global IT.
- Manage and oversee assessments of our security program and IT architecture to identify gaps, and recommend actionable and realistic changes or improvements.
- Design and create solutions that align with enterprise security architecture frameworks and standards (e.g. NIST CSF, ISO 27002, and CIS benchmarks) and with the overall business and security strategy.
- Oversee and perform security risk assessments and testing for new technologies and IT projects.
- Support the Sr. Director of Global Information Security in the development of periodic Board of Directors and Executive Management presentations.
- Design information security policies and playbooks for information security processes and controls that align with enterprise security architecture frameworks and standards and the overall cybersecurity strategy. This position will build information security standards and governance with franchisees in existing countries and new countries that the Company is launching outside the US.
- Help design a secure infrastructure layer in coordination with Global IT Infrastructure that isolates sensitive data from general access.
- Integral member of the Incident Response Team for all major, high-risk cybersecurity incidents. Communicates and responds to incident details, risks, and response recommendations clearly and in a collaborative manner with Information Security and IT leadership, IT teams impacted, and the Law department.
- Works with external law enforcement, Information Security and IT leadership, physical security, Human Resources, Legal, and Finance to provide technical expertise regarding information security events and incidents.
- Documents security requirements and controls for protecting information, systems, and technology assets.
- Defines and documents how the implementation of a new technology impacts the security posture of the current environment.
- Provides input on security requirements to be included in request for proposals (RFPs), statements of work (SOWs), and other procurement documents.
- Participate in architectural reviews and threat modeling of systems and applications across IT teams.
- Self-motivated and solutions oriented. Willing to take on challenges while adapting to an ever-changing global threat landscape across our global brands.
- Provides coaching, direction, and leadership support to employees in order to achieve the department and company results that align with the cybersecurity, IT, and business strategies.
TECHNICAL COMPETENCIES (KNOWLEDGE, SKILLS, ABILITIES)
- Advanced in at least one of the following programming languages (C, Java, or Python).
- Well versed in network security, security policies, cryptography, authentication, and secure communication protocols.
- Must be able to review and design rules and policies on firewalls, including web application firewalls (WAFs) in coordination with the network team with a strong understanding of application data.
- Experience in installation and configuration of endpoint security tools such as antivirus and EDR, configuration management, and asset recognition.
- Ability to design, build, and implement enterprise monitoring capabilities for security event monitoring and vulnerability management.
- Expert knowledge of Security Information & Event Management systems (SIEMs).
- Complete command of security systems, intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, antivirus software, log management, authentication systems, content filtering, etc.
- Strong technical knowledge of on-prem and cloud environments including Windows, Linux, SQL and HANA databases, MS Azure, AWS, VMware, Nutanix, etc.
- Technical knowledge of mobile app, gaming software, and SDLC processes to ensure security of the Company’s technology.
- Work experience in cybersecurity designs for systems, networks, and multi-level security requirements or requirements for processing multiple classification levels of data.
- Knowledge of risk management processes and experience in conducting risk assessments in coordination with Governance, Risk, and Compliance teams.
- Familiarity with the application of privacy principles to organizational requirements.
- Exceptional written, oral, and interpersonal communication skills.
- Experience managing large budgets and working with Finance and Legal teams on budget and forecast, contracts, procurement, and billing.
- Ability to effectively work, collaborate, and communicate in a global-team and global-brand environment to define project requirements, deploy projects, and train end users for major projects. This position will work with our golf entertainment businesses headquartered in the US and Europe.
- Ability to react quickly and deliberately in high-stress, high-impact situations.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- Ability to effectively influence others to modify their opinions, plans or behaviors.
- An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
- An understanding of organizational mission, values and goals and consistent application of this knowledge.
- Innovative thinker who is self-directed and resourceful.
EDUCATION AND EXPERIENCE
- Bachelor’s degree in Computer Science or equivalent work experience.
- Minimum 8 years in IT, with 5 years of information security experience, especially on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC).
- Minimum 3 years of information security leadership experience specific to security engineering.
- Experience and proven track record working on large scale, global, enterprise information security projects and programs.
- Proven work experience as an information security manager, architect, and/or engineer. Experience in using software / hardware / networking tools for White-Hat Hacking is a plus. Hands-on experience with Linux and Windows administrator functions.
- Previous experience working in a highly regulated industry that collects personally identifiable information (PII).
- Experience with Incident Response (IR), forensics, and “hunting” for security events.
- Experience in entertainment, media, or food service businesses would be a plus.
- Security certifications, such as AWS Certified Solutions, PenTest+, CEH, OSCP, would be a plus.
- CSSP, CCSP, CISSP, CISM or similar certification required.
- Strong knowledge and competence in a variety of industry and regulatory frameworks for cybersecurity, data privacy, and IT such as ISO 27001, ISO 27017, PCI-DSS, SOX-404, NIST CSF, NIST SP 800-53/ITSG-33, CCPA and CPRA, GDPR, ITILv3, SOC 2, and SOC 3.
WORK ENVIRONMENT (if applicable)
- Work is performed in a hybrid work environment, with part of the time spent at a designated professional office workstation.
- This position will include travel to the Carlsbad office and international venues on a regular basis.