Cybersecurity Program Manager
- Full-time
- Department: Product & Engineering
Company Description
Have you ever worked for a company that wanted you to bring your whole self to work every single day?
We are disrupting a typically stagnant environment by connecting companies of all sizes and providing them with the platform and network needed to create value from old processes like procurement, invoicing, payments, and workflow. We recognize that business is both messy and social - two revelations that have driven the development of Tradeshift, a platform for all your business interactions.
Tradeshift Culture. Our culture began day one when three Danes poured their brains, heart, and guts into creating a platform that could connect every business in the world. We expect each colleague to approach their work with the same amount of pride and passion. TradeShifters come from various backgrounds and nations, and we all thrive off challenging the status quo. We take pride in nurturing employee happiness, encouraging personal development, and welcoming teammates from all walks of life.
Job Description
Tradeshift is looking for a Cybersecurity Program Manager within our security compliance team to work on a variety of challenges related to scaling security and compliance programs in a rapidly growing organization. Our security compliance group is very dynamic and has a foot in both the compliance world and the technical side of things: we collaborate on building and implementing technical controls and mitigations, and we coordinate across engineering teams to help them understand how compliance intersects with their own work.
You will become a member of a very international, skilled, cross-functional, and self-driven team that spans the planet. At Tradeshift, we are changing the way companies operate by building the largest business network in the world with over 500 billion USD transacted so far and we’re just getting started. We have a deep drive to take data protection and information security as seriously as that goal suggests and are seeking out fellow security practitioners who share that passion to join us.
What you’ll be doing in the first 6 months:
Leading existing and building new security initiatives
Participating in audit readiness and annual audits
Working across teams on security and compliance initiatives
Evaluating control compliance by partnering with engineering teams and assessing systems hands-on
Defining and acting on control requirements and implementation schedules
Tracking and following up on controls evidence for SOC 1, SOC 2 and ISO 27001
Documenting and centralizing controls, policies and training details
Reviewing and commenting on operational business for continued risk reduction
What you’ll be doing in the role:
Leading existing and new compliance initiatives including GDPR data protection
Building a robust internal security and data protection compliance program
Working across teams on both technical and process-based security initiatives
Building controls, training and policies where needed with automation and code-as-policy always being the preferred solution
Taking a risk-based and security approach to compliance
Communicating with security researchers on our bug bounty program
Working with existing and new customers to answer any security-related questions
Assisting with security incident detection and response
Qualifications
Education, certification and work experience we’re looking for:
Experience in a technical security/compliance role
Solid grasp of Linux and cloud technical fundamentals
3 years of technical experience with Linux and cloud systems
Experience both auditing and engineering is a big plus
CISSP certification is preferred
Theoretical and practical knowledge around securing systems
Understanding of security standards, i.e. SOC 1 / SOC 2, ISO 27001
Additional Information
You might like working here if:
↠ You love autonomy and the freedom to get your work done the way you want to
↠ You like sharing your thoughts & opinions and have the feeling that they do matter (a healthy internal culture)
You'll enjoy:
↠ An ambitious international startup, with a fresh, positive culture
↠ Competitive compensation package
↠ Career and professional development opportunities
↠ Flexible working hours
↠ Cool company laptop
↠ Medical Subscription, meal tickets for each working day, Bookster access
When we used to go to the office, we also had:
↠ Free drinks & snacks daily, fresh fruits
↠ Safe outdoor bike parking spot
↠ Relaxing spots
↠ Cool team-bonding events such as Team Camps, Hackathons, Game & Field Days, Welcome Breakfast, Happy Hours, Birthday Celebrations and more
↠ Friendly and chill working atmosphere overall ♣