Spiraledge

Overview of job

At Spiraledge, we take the responsibility of managing our customer and enterprise data seriously. This position will work closely with Product Owners, third party service providers, the Chief Technology Officer (CTO) and Legal to drive our security strategy. This role will encompass technology, policy and security operations across the enterprise.

The IT & Security Manager must possess deep technical knowledge, strong awareness of cyber security trends, experience with PCI compliance and the ability to work in a highly matrixed work environment with strong communication and influencing skills.

• Manage the Technical Security Product Portfolio for delivery of the Security Strategy and core security services
• Assume a lead role in developing, implementing, and monitoring security strategies to achieve the organization’s long-term goals and objectives
• Develop, track, assess and communicate key performance measures across IT & Security
• Oversee general day-to-day operations of the security services and IT operations
• Work closely with security and IT vendors to ensure optimal deployment and configurations, ongoing maintenance and contract management
• Work closely with Legal and the CIO to drive awareness of security related trends and key policies (GDPR and PCI) to key stakeholders.
• Strong working knowledge and direct experience with the following technologies, practices and standards:
• Web Application Firewalls
• Content Delivery Networks
• Bot Mitigation technologies
• Incident Detection Services
• File Integrity Monitoring
• Penetration Testing
• Antivirus Technologies
• Phishing and malware protection services
• Endpoint Protection
• Prepare, maintain and communicate security procedures and documentation including incident response procedures
• Maintain a positive work atmosphere that strengthens the team
• Perform detailed system and application analysis and develop recommendations for improvement
• Perform other duties and projects as assigned
• Conform with and abide by all regulations, policies, work procedures and instructions

We're always looking for superstars to join our team in any of our three offices and we have 12 core values that make us who we are today and define where we are going tomorrow: 
• Build a family spirit 
• Focus on users and all else will follow 
• Recognize and reward results 
• Move fast 
• Keep things simple 
• Be honest and direct 
• Stay lean 
• Leverage technology 
• Embrace change 
• Don't take success for granted 
• Aspire to improve and change the world 
• Live Healthy

• College or university grad with a Bachelor's degree in Informational Technology, Computer Science, or a related field
• Security professional with 5+ years experience working in a security role with C-Level executives, product managers and developers
• Self-starter with ability to work independently and as part of a multinational and multi time zone team
• Possess strong written and verbal skills and can effectively communicate technical and complex concepts
• Experience in completing PCI AOCs or working with third party vendors to complete PCI ROCs.
• Strong knowledge of and experience in ecommerce and online retail, including ShopifyPlus
• Excellent written and verbal communication skills
• Experience with common web-based application technologies and Google Cloud Platform (GCP) security layers & tools including:
• Managing Virtual Private Clouds (VPCs)
• Encryption (data in transit and at rest)
• Cloud Armor
• BeyondCorp / IAP
• Cloud Data Loss Prevention
• Identify and Access Management
• Java, Tomcat, Spring Security, OAUTH MySQL, ASP Classic, .NET, Microsoft SQL Server

Bonus points

• Certification: CISSP, SSCP, CCSP or CISSP-ISSMP