Pearson Director, Global Product Information Security Officer (PISO) in Centennial, Colorado

Director, Global Product Information Security Officer (PISO)


At Pearson, we have a once-in-a-generation opportunity to transform teaching & learning to prepare people for a changing economy. The educational ecosystem is changing at a ferocious pace. Our company is changing rapidly. We no longer have the luxury of waiting to see how the market will change; we need to operate differently. Learners today are preparing to enter a world of work in which the skills required for employment are rapidly changing. Lifelong learning & ongoing re-skilling will become a reality for most.

In addition, technology has changed our expectations of how we live, work, and communicate. Learners expect education to be engaging and inspiring. They expect digital learning to be as responsive, secure, fast and effective as the other apps in their pocket, such as Facebook and iTunes. They expect to have access to learning anytime, anyplace, on any device, and to get help when they need it: consumer grade, without being a target of cyber attacks.

Role purpose

The Director, Global Product Information Security Officer (PISO) is responsible for the overall security and assurance of all Pearson global digital platforms and products. Key success criteria for this role include: driving security into all of Pearson’s customer-facing digital platforms and products; ensuring risk remediations and backlogs are prioritized appropriately within global product teams; influencing the executive community on the state and efficacy of security controls for their products; maintaining two-way communications between Product Technology Teams (GPT) and the CISO; securing ongoing security funding for special / complex projects; and evangelizing DevSecOps across all product teams.


As a direct report to the VP, Security Architecture and Engineering, you will have the following accountabilities:

  • Own the global product security blueprint and architecture for all Pearson’s customer facing products

  • Be the change leader for global product teams to embrace DevSecOps through automation and security integration to CI/CD processes

  • Ensure all Pearson’s cloud digital platforms and products meet key security and compliance requirements

  • Demonstrate strong leadership skills, driven from both business and security perspectives, to ensure delivery of product security solutions which are aligned to Pearson’s business needs;

  • Evangelize secure cloud platform & product requirements

  • Serve as a security leader in application development, database and microservice design, container and/or virtual machine technologies, helping project teams comply with enterprise and CISO security policies, industry regulations, and best practices

  • Coordinate incident response, investigation, and resolution of security incidents across global products

  • Provide strategic and tactical security guidance for existing and new product and service deployments across global product teams

  • Effectively consume services from CISO matrix teams providing application security services

  • Communicate the importance and promote awareness of information security, information risk, and privacy to business units, customers and partners within the global product teams;

  • Work closely with fellow CISO teams to ensure consistent value-added security services for the global products and core platforms;

  • Work collaboratively with a diverse, global, and multicultural community;

  • Maintain confidentiality of work related information and materials;

  • Establish and maintain effective working relationships throughout the company;

  • Present information to large and small groups, and convey messages to both technical and non-technical audiences;

  • Contribute to the development and maintenance of the information security strategy, policies and standards;

  • Embrace a culture of continuous service improvement and service excellence; and

  • Stay up to date on security industry trends.

Key Success Criteria

  • Security state of global platforms and products measured through a formalized dashboarding process

  • Extent to which security Non-Functional Requirements (NFRs) are implemented and tested for new platforms and products

  • Successful adoption of DevSecOps by product teams

  • Extent to which a risk aware culture and secure coding practices are adopted by product teams



  • 12 years in Information Security space; with a focus on digital platform and product security

  • Minimum of 10 years of relevant experience in secure SDLC (i.e., Agile, DevOps), threat modelling, risk management, vulnerability management, incident response and security monitoring.

  • In-depth knowledge of application security tool sets used for static and dynamic testing such as Checkmarx, AppSpider

  • Extensive experience in designing and implementing product and application security controls for both cloud and on-prem

  • BA/BS degree, or equivalent experience, security qualifications and accreditation appropriate to the region.

  • In-depth understanding of application security frameworks such as OWASP

  • Strong experience in cloud provider ecosystems, including Amazon AWS, Microsoft Azure, and OpenStack.

  • Experience with a broad range of security technologies, including nextgen firewalls, DLP, NAC, IDS/IPS, IdAM, certificate management, SIEM, endpoint protection, anti-malware, vulnerability management and cloud security;

  • Strong oral, written, and presentation abilities - able to convey risk to all levels of the business, from C-level executives to operations and development teams;

  • Strong business acumen with the ability to build business cases for technology initiatives and to effectively communicate the value proposition to non-technical stakeholders

  • Some proven ability in securing the CI/CD pipeline

  • Solid working experience of continuous integration practices & tools (Jenkins, Travis CI, etc.)

  • An established history of working in agile teams


  • An industry recognized professional with proven contribution to product security

  • Knowledge of scripting JSON, Python

  • Well-rounded background in network, host, database, and application security

  • Professional security accreditations (CISM, CCSA, CCSE, JNCIA, CCNA, CISSP, CCIE Security).

Competences and Behaviours

  • Customer orientated

  • Working within an international environment

  • Building networks with customers, other team members and other relevant teams is essential

  • Keeps all relevant people appropriately informed

  • Very good communication, presentation and negotiation skills

  • Technically innovative

  • Able to express technical and non-technical concepts in clear verbal and written English

  • Very good written skills to document complex concepts in a comprehensive, yet readable manner

  • Encourages people to be open and share their views

  • Considers a range of options that meet the needs of all stakeholders

  • Ability to use own initiative to solve technical problems

  • Delivery Focused

  • Takes responsibility for targets

  • Drive efficacy into all solutions delivered, demonstrating clear and measurable results through the development of KPIs

  • Ambitious and competitive

  • Drive innovation and best practice

  • Strive for standardisation and simplification in all aspects of work

  • Always cost conscious, balancing the needs of the business against the provision of the best solutions possible


Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.

Primary Location: US-CO-Centennial

Other Locations: US-CA-San Francisco, US-TX-San Antonio

Work Locations: US-CO-Centennial-2154 East Commons 2154 East Commons Avenue Centennial 80122

Job: Technology

Organization: Technology & Operations

Employee Status: Regular Employee

Job Type: Standard

Shift: Day Job

Job Posting: Sep 14, 2017

Req ID: 1714973