Director, Information Security and Compliance

Information Technology
Requisition #: H0700562

The Director of Information Security is a senior leadership role within the STS organization, reporting to the CISO, responsible for the development and execution of the overall enterprise information security roadmap that includes creation and implementation of effective and reasonable security standards and policies to secure protected and sensitive data and ensure information security and compliance with relevant legislation as well as identification, selection and deployment of security services and tools to identify, address and mitigate security risk.


• Define and drive the overall information security strategy and roadmap for the company including fortification of existing enterprise assets, implementation and constant revalidation of policies and procedures that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality, and availability of information that is owned, controlled, and processed within the organization.
• Ensure creation, validation and execution of clearly defined and executable information security policies, standards, and procedures with appropriate governance to ensure ground level adoption.
• Create a culture of cyber security from the ground up both within the business lines and the technology team, starting with business requirements all the way through design, development and validation of code and configuration.
• Initiate, facilitate, and promote activities to foster information security awareness within the organization. Establish the policies, procedures, tools, configurations, training, and audits that comprise the program.
• Collaborate actively with the Chief Architect and the architecture team in the Agile software development process as a security subject matter expert, to ensure that the product architecture conforms with all company security policies and security best practices, and that all software developed by the company meets all security audit, compliance, and control requirements.
• Work directly with business units and other internal departments and organizations to facilitate IS risk analysis and risk management processes, identify acceptable levels of residual risk, establish roles and responsibilities related to information classification and protection, and to ensure that other managers are taking effective remediation steps.
• Ensure ongoing compliance with applicable laws and regulations, in coordination with the Legal Department and establish the policies, procedures, tools, configurations, training, and audits that comprise the program.
• Manage security incident response planning as well as the investigation of security breaches including convening a Security Incident Response Team (SIRT), as needed, while serving as the primary control point during such incidents.
• Coordinate and track all information technology and security-related audits including scope of audits, timelines, auditing agencies, and outcomes; work with outside consultants as appropriate for independent security audits.
• Ensure that security policies and procedures are regularly communicated to all staff, and that compliance is enforced. Continuously update the organization’s security strategy to leverage new technology or adapt to new and emerging threats.


• A bachelor's degree in information systems, engineering or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
• Candidates with the following certifications are preferred: ISC2, SANS, ISACA, or other recognized security professional credentialing organization.
• 5-7 years of experience in security roles with increasing responsibility and business-leadership exposure, culminating in a leadership role. Previous roles may include information security analyst, application security or penetration testing, network-related security roles (firewall, intrusion detection, data loss prevention), or audit/compliance such as working to maintain SOX, PCI, and/or HIPAA compliance.
• 8-10 years of experience in an enterprise technology environment, ideally with customer-facing systems and services. Numerous roles are applicable – operations, application development, networking, systems and infrastructure architecture, or other as applicable.
• Strong infrastructure security skills including IDS/IPS, firewall, SIEM, server and OS hardening, malware detection, physical security, transport and at-rest encryption on file systems, DB, and other data persistence mechanisms.
• Previous experience driving strategic planning and associated processes for budgeting and portfolio decision-making for business or technology goals is required. The ability to distill requirements from non-technical staff and working relationships, build road-maps, and prioritize over time is also required.
• Experience driving SOX/PCI compliance audit initiatives with internal and external auditors.
• Excellent written and verbal communication skills — including the ability to effectively compile and present security- and risk-related concepts to technical and nontechnical audiences — and strong interpersonal and collaborative skills
• High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity.
• Demonstrated experience in leading and executing/delivering cross-functional projects in a dynamic, fast-paced, matrixed environment, with a sophisticated ability to balance security strategies against other priorities at the organizational level.


Scholastic Corporation (NASDAQ: SCHL) is the world's largest publisher and distributor of children's books, a leading provider of core literacy curriculum and professional services, and a producer of educational and entertaining children's media. The Company creates quality books and ebooks, print and technology-based learning programs for pre-K to grade 12, classroom magazines and other products and services that support children's learning both in school and at home. With operations in 14 international offices and exports to 165 countries, Scholastic makes quality, affordable books available to all children around the world through school-based book clubs and book fairs, classroom collections, school and public libraries, retail and online. True to its mission of 100 years to encourage the personal and intellectual growth of all children beginning with literacy, the Company has earned a reputation as a trusted partner to educators and families. Learn more at

Some benefits that we offer:

• 100% vesting in the 401(k) Retirement Plan after 5 years of employment
• Up to 1M worth of supplemental Life Insurance
• Tuition Reimbursement
• Purchase Scholastic stock at a 15% discount

Thank you for your consideration in choosing Scholastic.

Equal Employment Opportunity

Scholastic is an Equal Opportunity Employer. Our policy is clear: there shall be no discrimination on the basis of race, religion, color, sex, pregnancy, national origin, marital status, sexual orientation, gender identity or expression, age, non-disqualifying physical or mental disability, or status as a disabled veteran or Vietnam veteran.

Those factors shall not influence the determination of qualifications for a job or other opportunity within the company. Further, all personnel actions (such as compensation, tuition aid, benefits, transfers, promotions, and dismissals, company-sponsored training, social and recreational programs) shall be administered without discrimination.

