iHerb, LLC

Director of Information Security

full-time

Origin: 🇺🇸 United States • California

Salary

💰 $205,956 - $275,834 per year

Job Level

Lead

Tech Stack

Cloud • Cyber Security • SDLC

About the role

  • Lead global information security program with emphasis on Governance, Risk, and Compliance (GRC), Data Governance, and Application/Product Security
  • Drive strategy, execution, and oversight of enterprise-wide security initiatives to protect customer trust and sensitive data
  • Develop a vision and multi-year strategy for governance and risk management with measurable goals and metrics
  • Design, develop, coordinate, and document the secure operation of information systems and enterprise-wide data protection best practices
  • Ensure application/product security practices align with industry standards, regulations, and compliance frameworks and maintain necessary certifications
  • Oversee implementation of advanced security monitoring and analysis tools to detect and respond to security incidents and vulnerabilities
  • Evaluate the security posture of third-party cloud providers and vendors and implement strategies to manage and mitigate associated risks
  • Build, mentor, and lead security engineering, product security, cloud security, and GRC teams; foster a collaborative and innovative environment
  • Oversee penetration testing, vulnerability management, and remediation processes for applications and APIs
  • Partner with engineering teams to embed security into SDLC and CI/CD pipelines and champion DevSecOps practices
  • Act as a trusted advisor to executive leadership and the board on emerging security threats and business risks
  • Foster a security-first culture across the enterprise through training and awareness programs

Requirements

  • Master’s degree in an Information Technology related field of study or equivalent post-high school education and/or work-related experience
  • 10+ years of experience in Cybersecurity, GRC, Data Governance, Application or Product security
  • Strong team leadership skills directing teams in Cybersecurity, Governance, Risk, and Compliance, Data Governance, and Application/Product Security
  • Experience leading and developing a strategic, comprehensive enterprise information security management program
  • Experience implementing security practices in CI/CD environments and familiarity with DevSecOps
  • Knowledge of GDPR, CCPA, PCI DSS, SOX, ISO 27001, NIST CSF
  • Experience with third-party risk management and vendor security assessments
  • Experience supporting regulatory audits and certifications in partnership with Legal, Compliance, and Internal Audit
  • Experience defining and enforcing data governance: data classification, retention, and handling
  • Experience driving adoption of DLP, encryption, and monitoring solutions
  • Application security experience: secure coding standards, OWASP Top 10, SAST, SCA, DAST, threat modeling, penetration testing, vulnerability management
  • Hands-on familiarity with cloud security and DevSecOps practices
  • Excellent problem-solving, analytical, oral, and written communication skills
  • Self-motivation and ability to work under minimal supervision
  • Excellent at multitasking and open to constant learning
  • Energetic and positive attitude