Stay in Touch



Director, Information Security






San Francisco, CA, US


Udemy is looking for an experienced and results-oriented Information Security and Compliance Director to develop Udemy’s comprehensive Information Security Program and improve its policies, processes, and technology in the area of Information Security and Compliance. This leader will partner with Engineering, Legal, HR and other Udemy stakeholders to identify gaps in security posture, help define information security framework strategy, build a roadmap, and then deliver world-class solutions.

Here’s what you’ll be doing:

    • Management of Udemy’s ongoing Information Security operations to ensure adherence to established procedures and protocols. Information protection responsibilities will include network, application and systems security, system access controls, vulnerability management, penetration assessments, and employee security awareness.
    • Maintain organizations’ awareness of regulatory requirements and emerging threats. Implement a plan to satisfy regulatory and compliance requirements related to security.  Work with Legal team to ensure that information systems adhere to GDPR European data privacy laws.
    • Review and enhance internal security protocols. Develop and maintain consistent metrics to measure program effectiveness.
    • Conduct ongoing risk assessments and policy review processes. Provide periodic reports to executive management as necessary.
    • Assist Udemy Sales organization with information security questionnaires during due diligence process with customers. Lead 3rd party security reviews for prospective providers and partners.
    • Lead security incident response, change management, SDLC, and other security operations processes including system acquisition/disposal, patch management, testing, sensitive data handling, encryption key management and system access control procedures.
    • Work with outside vendors as appropriate for items such as scanning, incident response and penetration assessments.

We’re excited about you because you have:

    • BS Computer Science (or equivalent) degree is required.
    • 8-10 years’ experience in the Information Security field with 5+ years of progressively growing responsibilities managing security professionals and building security and compliance teams.
    • CISSP, CISM, CRISC and/or CISA certification is strongly preferred.
    • Expert knowledge and prior experience with industry frameworks and standards like SSAE16 SOC2, ISO27001, PCI DSS.
    • Working knowledge and experience with Sarbanes-Oxley is strongly preferredWorking knowledge of EU data privacy laws. Practical implementation of GDPR.
    • Thorough understanding of the current threat and attack landscape, latest security trends and principles.
    • Knowledge and practical experience with modern security technologies and controls in datacenter and cloud environments: IAM, Federated Identity Management (OAuth 2.0, OpenID Connect, SAML), remote access and multi-factor security technologies, MDM, SSL, Cloud security, etc.
    • Familiarity with securing web related technologies (Web applications, Web Services, APIs, Service Oriented Architectures).
    • Experience in implementing and complying with CIS standards.
    • Excellent communication skills and ability to document and explain technical details clearly and concisely to technical and non-technical audiences
We believe anyone can build the life they imagine through online learning. Today, more than 30 million students around the world are advancing their careers and passions by exploring and mastering new skills on Udemy, and expert instructors are able to share their knowledge with the world. Through our global marketplace and our solutions for businesses and governments, we connect people everywhere with the skills they need for success in work and life. We’re a close-knit bunch that enjoys problem-solving and collaboration, and we share a serious belief in the power of learning and teaching to change lives. Udemy’s culture encourages innovation, creativity, passion, and teamwork. We also celebrate our milestones and support each other every day.
Founded in 2010, Udemy is privately owned and headquartered in San Francisco’s SOMA neighborhood with offices in Denver (Colorado), Dublin (Ireland), Ankara (Turkey), and São Paulo (Brazil).

Apply for the job

Subscribe to our blog.


Blog & Newsletter Signup