Technical Program Manager - CYBERSECURITY
- Full-time
- Department: Infosec
Company Description
Tradeshift is a unicorn in the fintech industry. We are disrupting a typically stagnant environment by connecting companies of all sizes and providing them with the platform and network needed to create value from old processes like procurement, invoicing, payments, and workflow. We recognize that business is both messy and social - two revelations that have driven the development of Tradeshift, a platform for all your business interactions. We work hard and our teams have great freedom and responsibility to choose the best solutions, technologies and approaches to evolve the product to the next level.
We believe that being a global, multicultural company is a tremendous strength and we have people working from 18 different countries with hubs in Bucharest, Copenhagen, Kuala Lumpur, and San Francisco. We believe that if we truly focus on how to work distributed and collaborate across locations and (home) offices, we will not only enjoy work more but also build better products for our customers, and ultimately be a better company.
Job Description
Tradeshift is looking for a Cybersecurity Program Manager within our security compliance team to work on a variety of challenges related to scaling security and compliance programs in a rapidly growing organization. Our security compliance group is very dynamic and has its feet in both the compliance world and the technical side of things. We’re collaborating on the build and implementation of technical controls and mitigations as well as coordinating across engineering teams to help them understand how compliance intersects with their own work.
You will become a member of a very international, skilled, cross-functional, and self-driven team that spans the planet. At Tradeshift, we are changing the way companies operate by building the largest business network in the world with over 500 billion USD transacted so far and we’re just getting started. We have a deep drive to take data protection and information security as seriously as that goal suggests and are seeking out fellow security practitioners who share that passion to join us.
What you’ll be doing:
- Taking a risk-based approach to security compliance
- Defining and executing projects to assess and lower cybersecurity risk
- Continually improving the internal security and data protection compliance program
- Working across teams on both technical and process-based security initiatives
- Building controls, training and policies where needed with automation and code-as-policy always being the preferred solution
- Working with existing and new customers to answer security-related questions
- Assisting with security incident detection and response
What you’ll be doing in the first 6 months:
- Leading existing and building new security initiatives
- Participating in audit readiness and annual audits
- Working across teams on security and compliance initiatives
- Evaluating control compliance by partnering with engineering teams and assessing systems hands-on
- Defining and acting on control requirements and implementation schedules
- Tracking and following up on controls evidence for SOC 1, SOC 2 and ISO 27001
- Documenting and centralizing controls, policies and training details
- Reviewing and commenting on operational business for continued risk reduction
Qualifications
Education, certification and work experience we’re looking for
- Familiarity with security standards - PCI / SOC 1 & 2 / ISO 27001 / NIST CSF
- Experience with cloud-native environments - AWS a plus
- Theoretical and practical knowledge around securing systems
- Experience in a technical security/compliance role
- Solid grasp of Linux fundamentals
- Experience in both auditing and engineering is a big plus
Additional Information
All your information will be kept confidential according to EEO guidelines.