Chief Information Security Officer

Overview

Get ready to lead the charge in information security at the forefront of our modern SaaS company! Reporting directly to the Chief Executive Officer (CEO), the Chief Information Security Officer (CISO) is not just a guardian of digital assets – you're the strategic force behind our information security compliance and risk function.

In this critical leadership role, you'll ensure compliance with PCI, HIPAA, CCPA, CPRA, GCPR, and other privacy laws, showcasing your prowess in maintaining the security, privacy, and integrity of our digital assets and customer data. Picture yourself at the helm of strategic planning, governance, and operational oversight, shaping and executing the company's information security program. As a high-visibility player, your communication skills will shine as you positively represent the organization, maintaining the highest level of integrity and leading by example in all areas. Join us in this digital safeguarding adventure, where your leadership ensures that our information landscape is secure, private, and always in integrity.

Here’s just some of what you will be doing daily…

• Develop and implement a comprehensive cybersecurity strategy that aligns with the company's business objectives and industry best practices.
• Establish and oversee security governance, risk management, and compliance programs to ensure adherence to relevant regulations and standards.
• Develop and implement policies and procedures to ensure compliance with PCI, HIPAA, CCPA, CPRA, GDPR, and other privacy laws and regulations.
• Identify and assess potential risks to the organization's security and privacy posture and recommend remediation strategies.
• Collaborate with cross-functional teams, including Legal, Technology, Operations, and Business units, to implement security and privacy initiatives.
• Ensure appropriate security and privacy controls are in place, including monitoring, testing, and reporting.
• Work with the Legal team to respond to regulatory inquiries, investigations, and audits.
• Manage relationships with external auditors, regulators, and vendors to ensure compliance with applicable laws and regulations.
• Lead the development and implementation of the organization's privacy program, including data governance, data mapping, and data retention policies.
• Monitor and maintain the ministry-wide security infrastructure and frameworks while analyzing, planning, and making recommendations for changes to ensure consistency across the ministry.
• Perform periodic security compliance audits and assessments, and data forensic review for vulnerability or compromise and ensure implementation of a resolution.
• Analyze requirements and make recommendations to optimize performance of security software programs or information systems.
• Ensure compliance with the changing laws and applicable regulations. Stay current with security technologies and make recommendations on business value. Stay updated on the latest cybersecurity threats, vulnerabilities, and trends, adapting security measures accordingly. Translate that knowledge to identification of risks and actionable plans to protect the business.
• Ensure that Information Security policies and procedures are communicated to all personnel and that compliance is enforced. Communicate best practices and risks to all parts of the ministry, outside of Technology group.
• Foster a learning environment where training, risk management, operational best practices, and biblical values go hand in hand with innovative solutions that best fulfill the ministry’s mission.
• Utilize the EMF Leadership Framework in setting professional goals for self. Actively seek and partake in training & education to deepen Biblical understanding, media/business acumen, leadership knowledge, interpersonal awareness, and communication skills.

We are looking for a very specific skill set and business acumen. If you can say yes to each of these requirements, then we want to meet you!

• MS/MA Degree, or additional 6 years of relevant information and network security experience. Master of Science in Information Security or Cybersecurity is preferred.
• Minimum 8 plus years’ experience in Management/Leadership.
• Minimum of 8-12 years or work experience as an information security practitioner, compliance, or related role.
• Certified Chief Information Security Officer (CCISO), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified Information Security Auditor (CISA) and formal information security education is required.
• Experience in the evaluation and implementation of enterprise-wide information security technologies and concepts. These may include but are not limited to: Data Loss Prevention, Security Event Management, GRC Tools, Data Classification, Data Mapping, Data Retention.
• Proven experience of effectively managing through an information security incident, external attack, or data breach, and as a result, strengthening the organization’s information security posture to prevent future events or can demonstrate how their proactive efforts and foresight as an information security leader have prevented such an incident from occurring in the first place.
• Requires well developed communication, business, and Cyber security skills.
• Strong written and verbal communication skills and presentation skills.
• Requires proven and effective team leadership and collaboration skills, with the ability to work effectively with others through conflicting pressures and priorities while resolving complex issues.
• Excellent interpersonal skills with the ability to develop sincere business/ministry relationships.
• Demonstrated ability to work independently; establishing and meeting performance/ministry goals.
• Exhibits versatility and flexibility. Regularly adapts to change while maintaining a positive attitude and high productivity.
• Demonstrated ability to represent ministry and executive staff professionally and maintain confidentiality.

Why work for Educational Media Foundation, K-LOVE/Air1?

Educational Media Foundation (EMF) is a nonprofit, multi-platform media company on a mission to draw people closer to Christ. Founded in 1982 in Santa Rosa, CA, with a singular radio station, EMF today owns and operates the nation's two largest Christian music radio networks (K-LOVE and Air1) with over 1,000 broadcast signals across all 50 states, streaming audio reaching around the world, and a growing family of media ministries including podcasts, books, films, concerts, and events. EMF employs nearly 500 team members between its offices in Nashville, TN, Rocklin, CA, and field locations around the country. You can view our mission and values here Mission, Beliefs & Values. 

What can we offer you?

• Industry leading Medical, Dental & Vision coverage
• Short/long term disability and life insurance
• Robust 401K with company match
• Parental leave with Baby Bonding pay
• Generous PTO, holiday and sick pay
• Unique company culture that includes exclusive access to concerts, movie premieres, media industry events, and more
• Leadership and Career Development Programs including free access to LinkedIn Learning platform

“As an Equal Opportunity Employer, EMF makes employment decisions based on merit and other legitimate reasons. The Company is committed to a diverse and inclusive work environment and the promotion of equal employment opportunities regardless of protected class, characteristic or status.  However, EMF is also a religious non-profit organization where all team members contribute to the Company’s mission of encouraging our audiences “to have a meaningful relationship with Christ.” Therefore, pursuant to the Civil Rights Act of 1964, Section 702 (42 U.S.C. 2000e I(a)), EMF has the right to hire only candidates who agree with the Company’s Statement of Faith.  Also, as a religious non-profit organization, the Company is not governed by the CA Fair Employment and Housing Act.”