Callaway Golf Company is a leader in total performance, premium golf equipment and active lifestyle products while also being a great place to work! We are passionate and push the limits of innovation. We dare to be great while acting with integrity and respect. We stay hungry, yet humble. All while having fun and making golf enjoyable for everyone!
Our company is a blend of experience and diverse backgrounds, and our leaders have a strong history of building and selling successful initiatives. We are working to build a truly groundbreaking company, and we want top-notch people to join us in that mission.
This position is responsible for managing and overseeing the security of the Company’s technology and data against malicious attacks that may breach or expose the Company’s IT systems, employee information, or intellectual property. This position designs and develops security architecture patterns that meet regulatory obligations and data protection requirements as well as align with the business and company cybersecurity strategy. The Information Security Director will lead a global team of security engineers and analysts to build security controls and solutions that align with best-in-class architecture frameworks and standards.
ROLES AND RESPONSIBILITIES
- Direct and oversee a global team of security engineers and analysts to deliver projects to execute against the company’s cybersecurity strategy.
- Develop overall cybersecurity strategy in coordination with the Director of Global Information Security and VP of Global IT.
- Manage and oversee assessments of our security program and IT architecture to identify gaps, and recommend actionable and realistic changes or improvements.
- Design and create solutions that align with enterprise security architecture frameworks and standards (e.g. SABSA, NIST 800-53, ISO 27002), and overall business and security strategy.
- Oversee and perform risk assessments and testing for new technologies and IT projects.
- Develop periodic Board of Directors and Executive Management presentations in coordination with the Director of Global Information Security and VP of Global IT.
- Design policies for systems and software development with the goal of protecting sensitive data.
- Help design a secure infrastructure layer that isolates sensitive data from general access in coordination with Global IT Infrastructure.
- Integral member of the Incident Response Team for all major, high risk incidents of security breaches.
- Works with external law enforcement, management, physical security, Human Resources, Legal, and Finance with the Director of Global Information Security and VP of Global IT to provide technical expertise regarding information security events and incidents.
- Document security requirements and controls for protecting information, systems, and technology assets.
- Define and document how the implementation of a new technology impacts the security posture of the current environment.
- Provide input on security requirements to be included in request for proposals (RFPs), statements of work (SOWs), and other procurement documents.
- Implement and improve Secure Software Development Lifecycle (SSDL) across organizational teams.
- Participate in architectural reviews and threat modeling of applications across development teams.
- Knowledge of application security standards like OWASP ASVS, SCVS along with the knowledge and understanding of maturity models like BSIMM, OWASP SAMM or similar models.
- From a CI/CD perspective, create and evolve a continuous, strong process across software code development reviews by influencing dev teams to write clean code and follow best development practices.
- Self-motivated and solutions oriented. Willing to take on challenges while adapting to an ever-changing global threat landscape across our global brands.
TECHNICAL COMPETENCIES (KNOWLEDGE, SKILLS, ABILITIES)
- Expert in at least one of the following programming languages (C, Java, or Python).
- Well versed in network security, security policies, cryptography, authentication, and secure communication protocols.
- Must be able to review and design rules and policies on firewalls, including web application firewalls (WAFs) in coordination with the network team with a strong understanding of application data.
- Experience in installation and configuration of endpoint security tools such as antivirus and EDR, configuration management, and asset recognition.
- Ability to design and build enterprise monitoring capabilities.
- Expert knowledge of Security Information & Event Management systems (SIEMs) such as ArcSight or Splunk.
- Complete command of security systems, intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, anti-virus software, log management, authentication systems, content filtering, etc.
- Strong technical knowledge of on-prem and cloud environments including Windows, Linux, SQL and HANA database, MS Azure, VMware, Nutanix, etc.
- Work experience in cybersecurity designs for systems, networks, and multi-level security requirements or requirements for processing multiple classification levels of data.
- Knowledge of risk management processes and experience in conducting risk assessments.
- Familiarity with the application of privacy principles to organizational requirements.
- Exceptional written, oral, and interpersonal communication skills.
- Ability to work and collaborate in a global-team and global-brand environment.
- Ability to effectively work, collaborate, and communicate with global business teams to define project requirements and deploy projects and train end users for major projects.
- Ability to meet tight deadlines and to prioritize tasks.
- Innovative thinker who is self-directed and resourceful.
EDUCATION AND EXPERIENCE
- Bachelor’s degree in Computer Science or equivalent work experience.
- Minimum 10 years in IT, with 5 years of information security experience across a combination of Antivirus, EDR, IDS/IPS, Firewall, SIEM, FIM, Database, and application monitoring technologies.
- Minimum 3 years’ experience in leading technical teams.
- Experience and proven track record working on large scale, global, enterprise information security projects and programs.
- Proven work experience as an information security manager, architect, and/or engineer. Experience in using software / hardware / networking tools for White-Hat Hacking is a plus. Hands-on experience with Linux and Windows Administrator functions.
- Previous experience working in a highly regulated industry that collects personally identifiable information (PII).
- Experience with Incident Response (IR), forensic, and “hunting” for security events.
- Security certifications, such as AWS Certified Solutions, PenTest+, OSCP, would be a plus.
- CSSP, CCSP, CISSP, CISM or similar certification required.
- Strong knowledge and competence in a variety of industry and regulatory frameworks for cybersecurity, data privacy, and IT such as ISO 27001, ISO 27017, PCI-DSS, SOX-404, NIST CSF, NIST SP 800-53/ITSG-33, CCPA and CPRA, GDPR, ITILv3, SOC 2, and SOC 3.
Callaway Golf is an Equal Opportunity Employer