Why you should apply for a job with Facebook:
Facebook is on FGB’s Best Tech Companies for Women of 2019.
FGB'ers gave this company an overall job satisfaction of 4/5.
FGB’ers working at Facebook rated their manager’s support at 4.1/5.
- 71% of reviewers say women and men are treated equally at Facebook.
- 80% of reviewers recommend Facebook to other women.
- 83% of reviewers say the CEO supports gender diversity.
Generous paid time off, 30-day paid break every 5 years, leave programs for when you need to care for yourself or your family.
Paid leave for new parents & support for family planning like adoption, surrogacy assistance, and baby cash to help with newborn expenses.
Facebook Resource Group/Community.
Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started.
The Director of Security, Privacy, Access, Risk and Compliance (SPARC) will lead the multi-disciplinary organization that works directly with Facebook product and engineering teams, as well as global Policy, Legal and Regulatory teams. This team ensures that Facebook complies with applicable regulations, that we constantly assess our security posture, and that we have well-documented controls in accordance with regulation for both internal and external audits. This organization also supports the program and project management teams that work across the company to ensure security programs and objectives are met in a timely manner.
The ideal candidate will have demonstrated scaled organizational leadership capabilities, a passion for driving program impact through operational excellence and rigor, experience navigating complex regulatory constraints, familiarity with software product development cycles, and a collaborative and positive attitude.
- Lead Information Security Governance, Risk, and Compliance function.
- Define operating metrics and team goals and manage the organization to meet them.
- Build and lead a high-performing team, including mentoring and developing managers of managers.
- Responsible for people management of a team, providing performance reviews, continual feedback, coaching and career growth for direct reports.
- Establish clear Security review processes and practices with sufficient rigor to serve as controls in the Facebook Security Program, and regularly assess efficiency of control systems and recommend effective improvements.
- Design and coordinate policy and procedure reviews, training materials and communication to ensure departments meet security compliance requirements.
- Work with a cross functional team on risk-based monitoring and evaluation activities, including risk assessment, monitoring and testing, analysis of findings, and reporting to ensure effective, sustainable risk management processes exist.
- Design, implement, maintain, and improve programs to address key company risks and prepare internal teams for independent assessments against a wide variety of regulatory and compliance frameworks.
- Ensure security projects are delivered with high quality and timeliness; design and develop scalable solutions that meet the goals and objectives of our Security operations. Streamlining and scaling process optimization is key.
- Understand product roadmaps and key strategic priorities so your team can continually refine company policies as they relate to the Security Posture while taking into consideration rapid innovation needs.
- Utilize knowledge of data analysis tools and techniques to analyze, quantify, and/or assess risks and to evaluate controls to identify potential weaknesses and/or control gaps.
- Develop tools and processes to scale the team's operation where needed to minimize manual efforts for compliance and technical audit.
- Support teams within the org that coordinate with internal and external auditors regarding security controls (SOX, SOC2, PCI-DSS, etc.) and privacy frameworks (CCPA, GDPR, etc.) and work to resolve identified gaps.
- 10+ years of work experience, including hands-on management and proven contribution.
- Experience in global security policy and risk management, either for products and/or creating policies at a corporate level at both strategic and operational levels.
- Proven experience managing teams and managing managers.
- Experience or familiarity with security, legal or policy frameworks and operations.
- Experience in technical concepts similar to cloud computing environments, including logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy.
- Experience working cross-functionally with all levels of management, both internally and externally, as well as communicating and influencing decisions at the executive level.
- Experience in companies that deliver software solutions or products/services that touch data use, security and privacy.
- Experience driving strategy and end-to-end implementation of projects, while maintaining confidentiality and discretion.
- Understanding of common software weaknesses, penetration testing, and the security development lifecycle.
- 4+ years of experience actively participating in a security- or privacy-related field, including but not limited to: identity management, information protection, threat detection, penetration testing, or incident response.
- Familiarity with regulatory compliance programs, such as: Sarbanes Oxley, GDPR, CCPA, SOC2, etc.
Facebook is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.

Facebook is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at [email protected]