Information Security Officer

Sourcebooks is seeking an Information Security Officer to own and manage key components of the company’s Information Security Management System (ISMS) and help strengthen our security and compliance program. This role plays an important part in protecting company systems, data, and operations by leading risk management activities, coordinating security audits, managing policy governance, and supporting business continuity planning.

The Information Security Officer will work closely with IT, Legal, and business stakeholders across the organization to ensure the company maintains strong security governance, regulatory compliance, and operational resilience.

This is an exempt, salaried position with a range of $110, 000 - $120,00/annually. Starting pay is based on a thoughtful evaluation of job-related factors including geographic location, market conditions, relevant experience, training, and education to ensure a fair and competitive offer.

This is a hybrid role based out of our Naperville, IL office with training 5 days/week in office for the first 90 days. Hybrid schedule will be discussed after 90 days.

What you’ll do

• Manage and help mature the company’s Information Security Management System (ISMS).
• Lead risk assessments, control gap assessments, and Business Impact Analyses (BIA).
• Maintain the organization’s risk register and track key risk indicators (KRIs) and security metrics.
• Coordinate remediation activities to address security risks and control gaps.
• Support internal and external security audits and regulatory compliance initiatives.

Business Continuity & Resilience

• Maintain and coordinate the company’s Business Continuity and Disaster Recovery program.
• Lead Business Impact Analyses with stakeholders to identify critical systems and operational dependencies.
• Support periodic testing of continuity and recovery plans.

Policy Governance

• Develop, maintain, and enforce information security policies, standards, and guidelines aligned with regulatory requirements and industry best practices.
• Partner with the Legal team to ensure policies address regulatory, privacy, and contractual obligations.
• Promote adoption of security policies across the organization and support compliance monitoring.

Third-Party Risk

• Assess security risks related to vendors and service providers that access company systems or data.
• Support security reviews for new vendors and coordinate remediation activities related to third-party security findings.

Fraud & Threat Monitoring

• Monitor external threat intelligence to identify potential fraud or malicious activity.
• Coordinate with Legal and external services to address domain spoofing, impersonation, and related threats.

Security Awareness & Program Support

• Support cybersecurity awareness initiatives including phishing simulations and employee training.
• Track security initiatives and communicate program progress, risks, and accomplishments to leadership.
• Develop security metrics and reporting to communicate the organization’s risk posture and program maturity.

What you bring:

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field.
• 5+ years of experience in cybersecurity, technology risk, governance/risk/compliance (GRC), or technical compliance roles.
• Strong understanding of security governance, policy development, and risk management practices.
• Experience supporting security audits and regulatory compliance initiatives.
• Familiarity with security frameworks such as ISO 27001, ISO 27701, NIST Cybersecurity Framework, NIST SP800-53, NIST SP800-171, PCI-DSS, HITRUST, or CMMC.
• Experience evaluating and implementing security controls.
• Strong analytical, project management, and communication skills.
• Familiarity with Governance, Risk & Compliance (GRC) tools.

Nice to have

• Security certifications such as CISSP, CISM, CISA, or CRISC.
• Experience supporting Business Continuity Planning or Disaster Recovery programs.
• Experience working within an ISO-aligned Information Security Management System.

Why Sourcebooks?
As Newsweek’s #2 Most Loved Workplace in 2024 and a recognized leader in innovation by Fast Company (2024 Most Innovative Companies, 2023 Best Workplaces for Innovators), we use a mission-driven, data-centered approach to drive success for our authors and their books. We’re a thriving entrepreneurial company that creates books that transcend categories and defy odds, and we’ve been honored with hundreds of national bestsellers and awards. We are passionate book lovers dedicated to connecting books to readers in innovative ways. Story by story, book by book, we have changed more than 300 million lives. Join us as we change 300 million more!

Ready to Apply
Please submit your resume, salary requirements, and cover letter detailing your relevant experience and interest in this role. Applications without a cover letter will not be considered. Show us your passion and creativity — we’re looking for someone who’s as enthusiastic about this opportunity as we are!

Full-time employees are eligible for our comprehensive benefits program. Our range of benefits include, but are not limited to, Medical/Prescription drug insurance, Dental, Vision, Health Care, Dependent Care, Flexible Spending Account, Health Savings Account, 401(k), Short and Long-Term Disability Insurance, Life/AD&D Insurance, and generous paid time off.

Sourcebooks values the array of talents and perspectives that a diverse workforce brings. All qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status.