Emerald Talent Group
Whitepages Inc. is a global leader in digital identity verification. Our solutions include Whitepages Premium for consumers and Whitepages Pro for businesses. Whitepages Premium provides subscribers access to U.S. public records to verify contact details, mobile numbers, bankruptcy history, criminal records, and more to facilitate trusting interactions in today’s sharing economy. Whitepages Pro provides businesses with global identity verification solutions via enterprise-scale APIs and web tools to help companies identify the legitimate customers from the fraudulent ones.
Our foundation is data at massive scale. Our open search web properties serve 55 million visitors per month and account for more than 90% of free people searches in North America. To support these users, Whitepages has developed its own fully-integrated, high-availability Identity Graph database which houses more than 5 billion global identity records. These records have been curated and corroborated from hundreds of different sources and made available to our users to deliver unparalleled coverage, accuracy, and performance. Whether you are looking up an old friend, checking out someone you’ve met online, or powering a fraud solution for your enterprise, Whitepages can help you verify identities worldwide.
The Head of Information Security and Compliance is a position responsible for developing, implementing and maintaining information security measures to safeguard Whitepages key data, ensuring the confidentiality, integrity and availability of its information assets. This role will consult with stakeholders across the company (including IT, legal, engineering, HR, sales, marketing) regarding the company’s information security risks and responsibility in minimizing and developing compensating controls for those risks. This includes a general understanding of the financial, legal, regulatory, and technical risks to Whitepages’ information assets, and developing, implementing, and maintaining pragmatic security controls to mitigate this risk.
Essential Functions & Responsibilities
- Hands-on development and maintenance of an information security control framework scoped to Whitepages’s business in accordance with applicable security regulations, guidance, policies and standards
- Implement and maintain enterprise-wide security policies, standards, procedures and guidelines
- Conduct regular Information Security Risk Assessments, including interviews of applicable stakeholders, designed to evaluate and compile inherent risks, controls and residual risks. Ensure appropriate security controls are in place to mitigate unacceptable risks
- Develop parameters for and provide periodic reporting on security metrics to measure the effectiveness of the information security program
- Manage security awareness programs and coordinate associated training testing, and meetings as appropriate
- Serve as Whitepages’s primary resource on industry best practices related to information security
- Consult with Engineering teams during project and product development efforts. Ensures that appropriate security controls are considered during vendor selection and development efforts
- Implement, maintain and monitor security and vulnerability tools to protect Whitepages key data assets in both the corporate and production environments
- Serve as a key member of the incident response team, working across departments to coordinate responses to security incidents, as needed
- Develop and maintain BCP/DRP/Pandemic plans in accordance with FFIEC guidance
Knowledge and Skills:
- Bachelor’s Degree in information security and business management disciplines or equivalent experience
- 5+ years of experience working with network and operating system security concepts
- 3+ years of information security and risk management experience
- Experience managing projects or programs from inception to implementation to achieve information security objectives
- Experience working with Host- and Network-based Intrusion Detection/Prevention systems (NIDS/NIPS), including signature development and event/alert analysis
- Experience with SIEM systems, including automating analytic tasks and correlation rule development
- Experience working with cyber threat intelligence, including identification and categorization of APT actors and integrating threat intel with cyber defense capabilities
- Windows, Linux and Mac experience