Stay in Touch



Director, Information Security






San Francisco, CA, US


Udemy is looking for an experienced and results-oriented Information Security and Compliance Director to develop Udemy’s comprehensive Information Security Program and improve its policies, processes, and technology in the area of Information Security and Compliance. This leader will partner with Engineering, Legal, HR and other Udemy stakeholders to identify gaps in security posture, help define information security framework strategy, build a roadmap, and then deliver world-class solutions.

Here’s what you’ll be doing:

    • Management of Udemy’s ongoing Information Security operations to ensure adherence to established procedures and protocols. Information protection responsibilities will include network, application and systems security, system access controls, vulnerability management, penetration assessments, and employee security awareness.
    • Maintain organizations’ awareness of regulatory requirements and emerging threats. Implement a plan to satisfy regulatory and compliance requirements related to security.  Work with Legal team to ensure that information systems adhere to GDPR European data privacy laws.
    • Review and enhance internal security protocols. Develop and maintain consistent metrics to measure program effectiveness.
    • Conduct ongoing risk assessments and policy review processes. Provide periodic reports to executive management as necessary.
    • Assist Udemy Sales organization with information security questionnaires during due diligence process with customers. Lead 3rd party security reviews for prospective providers and partners.
    • Lead security incident response, change management, SDLC, and other security operations processes including system acquisition/disposal, patch management, testing, sensitive data handling, encryption key management and system access control procedures.
    • Work with outside vendors as appropriate for items such as scanning, incident response and penetration assessments.

We’re excited about you because you have:

    • BS Computer Science (or equivalent) degree is required.
    • 8-10 years’ experience in the Information Security field with 5+ years of progressively growing responsibilities managing security professionals and building security and compliance teams.
    • CISSP, CISM, CRISC and/or CISA certification is strongly preferred.
    • Expert knowledge and prior experience with industry frameworks and standards like SSAE16 SOC2, ISO27001, PCI DSS.
    • Working knowledge and experience with Sarbanes-Oxley is strongly preferredWorking knowledge of EU data privacy laws. Practical implementation of GDPR.
    • Thorough understanding of the current threat and attack landscape, latest security trends and principles.
    • Knowledge and practical experience with modern security technologies and controls in datacenter and cloud environments: IAM, Federated Identity Management (OAuth 2.0, OpenID Connect, SAML), remote access and multi-factor security technologies, MDM, SSL, Cloud security, etc.
    • Familiarity with securing web related technologies (Web applications, Web Services, APIs, Service Oriented Architectures).
    • Experience in implementing and complying with CIS standards.
    • Excellent communication skills and ability to document and explain technical details clearly and concisely to technical and non-technical audiences
With a mission to improve lives through learning, Udemy is a global marketplace for learning and teaching online. More than 24 million students learn from an extensive library of over 80,000 courses taught by 35,000 instructors in over 50 languages. Whether learning for professional development or personal enrichment, students can master new skills through self-paced, on-demand courses, while instructors have a way to share their knowledge with the world. For companies, Udemy for Business offers subscription access to a collection of business-relevant courses as well as a simple platform to host and distribute their own content in one central place.
We’re a close-knit bunch that enjoys problem-solving and collaboration, and we share a serious commitment to delivering the best possible learning and teaching experiences. Udemy’s culture encourages innovation, creativity, passion, and teamwork. We also celebrate our milestones and support each other every day.
Founded in 2010, Udemy is privately owned and headquartered in San Francisco’s SOMA neighborhood with offices in Dublin, Ireland, Sao Paulo, Brazil, and Ankara, Turkey. Compensation includes full-time salary, equity compensation plan, and competitive benefits including healthcare, commuter benefits, parental leave, and a discretionary time off policy.
Udemy in the News:

Apply for the job

Subscribe to our blog.


Blog & Newsletter Signup