Zx-944 - Chief Information Security Officer

Detalles de la oferta

At Swapcard, we build communities by empowering meaningful connections and know it all begins with a strong community of our own. We believe that diverse collaboration brings us closer to embracing change and propels us to form the ideas of tomorrow in an ever-evolving world. Powered by artificial intelligence, Swapcard is the only end-to-end community platform for virtual and hybrid events. Behind this vision stands a passionate, curious, and down-to-earth team. We believe an environment of trust, autonomy, and support is integral to our success. As a result of putting people first, career evolution and rapid growth have become regular commodities. With 42 nationalities amongst a team of more than 200 innovative minds, we enjoy an open-minded environment where opinions and ideas are encouraged and exchanged freely in order to create a product and company we can all be proud of. We've also learned that the more moments we share, the more comfortable, communicative, and confident we are when working together. That's when the real magic occurs. And the best part? Swapcard offers full remote opportunities, which means you'll be able to bring your best self to the table no matter where in the world you are located! We fully support and empower an international environment, where all cultures, mindsets, and backgrounds are equally welcome and appreciated.

Our Values Curiosity: Rapid growth and evolution are the results of our endless quest for new knowledge and understanding. We're interested in our peers and their concerns. Anything novel or innovative excites us.Open-mindedness: Feedback and ideas can be exchanged freely, without being taken personally. We welcome Swapcardians of all sorts and learn from each other's personal and professional experiences.Humanity: Empathy encourages a kind and down-to-earth environment where we all feel comfortable and free to be human. We never have to wear a mask or hide who we are.Resilience: We have a desire to win and don't take no for an answer. We prefer the term "experiment" over "failure". We are solution-oriented and find innovative approaches to succeed.Ambition: Nothing is impossible. We're always striving to get better, seize opportunities, and reach the top. We are encouraged to dream big and believe in ourselves. What you'll be doing:
Governance - Build a great security departmentDefine and implement the IS Security strategyDefine and maintain IS security policies and processesMaintain SOC 2 Type 2 compliance (year-long audit period)Implement ISO 27001 certificationWork with all business units to determine possible risks and risk management processes, deploy a risk analysis methodology (especially cyber)Manage Security product vendors and contractsManage and organize internal/external audits, including our annual external penetration testRaise security awareness across the company and for each teamThird-party security and internal projects - secure our ecosystemAccompany internal teams to ensure that newly-acquired technology is secure and complies with internal security policiesAccompany internal teams on projects to ensure security is taken into account by designProduct SecurityHelp secure our product - via securing our CI/CD pipeline, maintaining our SAST/DAST tools, and securing our infrastructureHelp shape security features of our productReview the security of new featuresRespond to security questionnaires from clientsHelp customers when there are security escalationsOperational SecurityManage our SOC (external provider)Manage our public Bug Bounty programManage our vulnerability scanning and patching program, including threat intelligenceManage security incidents and response (with help from Engineering team)Manage security crisis (with help from all other teams)Endpoint ProtectionManage the security configuration of Endpoint Protection tools deployed by IT team: MDM, EDR, ProxyIdentity and Access ManagementConduct access reviews What you should have:
A bachelor's degree in computer science, information technology, or a related field.A minimum of five years' experience in risk management, information security, or programming.Understanding of scripting and source code programming languages, such as Python, Golang, NodeJS.Knowledge of information security management frameworks and certifications such as ISO 27001/2 and SOC 2.Experience in managing your own budget.Negotiation skills for negotiating contracts and IT/Security support services to be rendered.Excellent understanding of current security-related legislation and regulations relevant to our organization.Excellent project management and leadership skills.First-rate written and verbal communication skills.Experience building secure and compliance focused vendor program.Highly motivated, goal driven, and committed.
#J-18808-Ljbffr


Salario Nominal: A convenir

Fuente: Jobleads

Requisitos

Speculative Application

Univrse is a Barcelona-based VR studio developing Univrse Framework, a solution that revolutionizes location-based VR experiences (www.univr.se ). Our multid...


Univrse - Barcelona

Publicado 6 days ago

Programador/A Fullstack Php

¿Estas buscando una nueva oportunidad como Fullstack Developer? ¿Quieres trabajar para una empresa puntera en el sector tecnológico y del deporte? Pue esta e...


Talent Match - Barcelona

Publicado 21 days ago

Freelance Headhunter & Candidate Sourcing Specialist (High-Volume)

Bringing a personalized approach to connecting exceptional talent with unique opportunities. Specializing in recruitment for diverse roles, leveraging extens...


Salve.Inno Consulting - Barcelona

Publicado 6 days ago

Devops Engineer

Are you ready for the next step? We are looking for someone with a developer's mindset who can strengthen our team with expertise in modern application opera...


Sd Worx - Barcelona

Publicado 6 days ago

Built at: 2024-11-22T07:58:48.986Z