At Swapcard, we build communities by empowering meaningful connections and know it all begins with a strong community of our own. We believe that diverse collaboration brings us closer to embracing change and propels us to form the ideas of tomorrow in an ever-evolving world. Powered by artificial intelligence, Swapcard is the only end-to-end community platform for virtual and hybrid events. Behind this vision stands a passionate, curious, and down-to-earth team. We believe an environment of trust, autonomy, and support is integral to our success. As a result of putting people first, career evolution and rapid growth have become regular commodities. With 42 nationalities amongst a team of more than 200 innovative minds, we enjoy an open-minded environment where opinions and ideas are encouraged and exchanged freely in order to create a product and company we can all be proud of. We've also learned that the more moments we share, the more comfortable, communicative, and confident we are when working together. That's when the real magic occurs. And the best part? Swapcard offers full remote opportunities, which means you'll be able to bring your best self to the table no matter where in the world you are located! We fully support and empower an international environment, where all cultures, mindsets, and backgrounds are equally welcome and appreciated.
Our Values
Curiosity : Rapid growth and evolution are the results of our endless quest for new knowledge and understanding. We're interested in our peers and their concerns. Anything novel or innovative excites us.
Open-mindedness : Feedback and ideas can be exchanged freely, without being taken personally. We welcome Swapcardians of all sorts and learn from each other's personal and professional experiences.
Humanity : Empathy encourages a kind and down-to-earth environment where we all feel comfortable and free to be human. We never have to wear a mask or hide who we are.
Resilience : We have a desire to win and don't take no for an answer. We prefer the term "experiment" over "failure". We are solution-oriented and find innovative approaches to succeed.
Ambition : Nothing is impossible. We're always striving to get better, seize opportunities, and reach the top. We are encouraged to dream big and believe in ourselves.
What you'll be doing :
Governance - Build a great security department Define and implement the IS Security strategy
Define and maintain IS security policies and processes
Maintain SOC 2 Type 2 compliance (year-long audit period)
Implement ISO 27001 certification
Work with all business units to determine possible risks and risk management processes, deploy a risk analysis methodology (especially cyber)
Manage Security product vendors and contracts
Manage and organize internal/external audits, including our annual external penetration test
Raise security awareness across the company and for each team
Third-party security and internal projects - secure our ecosystem Accompany internal teams to ensure that newly-acquired technology is secure and complies with internal security policies
Accompany internal teams on projects to ensure security is taken into account by design
Product Security Help secure our product - via securing our CI/CD pipeline, maintaining our SAST/DAST tools, and securing our infrastructure
Help shape security features of our product
Review the security of new features
Respond to security questionnaires from clients
Help customers when there are security escalations
Operational Security Manage our SOC (external provider)
Manage our public Bug Bounty program
Manage our vulnerability scanning and patching program, including threat intelligence
Manage security incidents and response (with help from Engineering team)
Manage security crisis (with help from all other teams)
Endpoint Protection Manage the security configuration of Endpoint Protection tools deployed by IT team: MDM, EDR, Proxy
Identity and Access Management
Conduct access reviews
What you should have :
A bachelor's degree in computer science, information technology, or a related field.
A minimum of five years' experience in risk management, information security, or programming.
Understanding of scripting and source code programming languages, such as Python, Golang, NodeJS.
Knowledge of information security management frameworks and certifications such as ISO 27001/2 and SOC 2.
Experience in managing your own budget.
Negotiation skills for negotiating contracts and IT/Security support services to be rendered.
Excellent understanding of current security-related legislation and regulations relevant to our organization.
Excellent project management and leadership skills.
First-rate written and verbal communication skills.
Experience building secure and compliance focused vendor program.
Highly motivated, goal driven, and committed.
#J-18808-Ljbffr