WeTransfer
Job title:
Senior Information Security Specialist
Company:
WeTransfer
Job description
Every day, millions of people from over 190 countries trust us to handle their precious creative ideas.Since making our name with quick & simple file-sharing, WeTransfer has evolved to help creators organize, share, and get feedback on their work – from inception right up to delivery. We showcase the best brands to more than 80 million users per month, and our editorial platform WePresent has championed unexpected stories of creativity from around the globe and features collaborations from world-famous artists, too.Sounds like fun, right? Allow us to sweeten the deal: as a certified B Corporation, we do all of this while using business as a force for good, balancing people, the planet, and profit along the way.In March 2020, , confirming its ambition to strengthen its values-driven approach to responsible technology and business. As a certified B Corporation™, WeTransfer supports issues such as climate change by maintaining a climate-neutral status and aiming to reduce its carbon footprint by 30% by 2025. The company is also focused on promoting diversity and inclusion and championing employee mental health.Senior Information Security SpecialistAt WeTransfer we are trusted everyday by millions of people with their professional, creative and personal content. We focus on making ‘beautifully obvious’ products, and our goal is to bring ‘beautifully secure’ to life as well. Security should not come at the expense of user experience, rather it is an integral part of keeping our users in their flow, creating comfort in the knowledge that their hard work is well protected.As a Senior Information Security Specialist at WeTransfer you will focus on information security governance risk and compliance and will contribute to our commitment to maintaining the highest standards of information security by continually enhancing our security posture. You will perform a key role in driving forward, expanding and implementing our security program, raising the awareness level across the organization and ensuring that we follow the security best-practices. You will be part of the team that is responsible for helping to build a persistent, positive, and most of all sustainable security culture. We believe in a security culture that is less about jumping down people’s throats than it is teaching them how to improve.What you’ll be doing :The Senior Information Security Specialist will play a pivotal role in both the strategic and operational aspects of our information security program. You will work on key projects and initiatives throughout the organization and you will collaborate closely with stakeholders across teams. You will have to coordinate with colleagues across the organization to drive an effective implementation of our security program, standards and guidelines by providing fit for purpose security recommendations. You are expected to lead the efforts around maintaining our security certification, managing our risk management program, advising on new investments, recognise areas of improvement and come up with implementation plans. We expect you to have a pragmatic and positive approach while solving complex problems and overcoming challenges.We aim to balance the stiffness of security standards with the creative way of working that WeTransfer has.Amongst other things, you will:Together with the Director of Security develop, implement, and maintain a comprehensive information security strategy aligned with business objectives and regulatory requirementsDrive our ISMS maintenance and improvement within the ISO27001 frameworkOwn our Governance, Risk and Compliance tooling and operationsSuccessfully drive the organization through (re)certification processes, including internal and external audit preparations and remediation effortsIdentify areas of future investments and guide the organization towards successful completion of the goalsWork closely with Legal, People & Places and IT-ServicesWork on cultivating a security mentality across the organizationEnsure that our third party relationships are meeting our security standardsDevelop and maintain comprehensive documentation, including security policies, procedures, and quarterly reportsWhat we are looking for :Solid and proven knowledge of ISO27001 and SOC2 standards and familiarity with PCI-DSSProven experience in working within a product organization in a cloud native environmentProven experience in operating GRC toolsHolding an ISO/IEC 27001 Lead Implementer/Auditor certificationHands-on experience in developing, implementing and maintaining Information Security policiesBeing able to define initiatives, with defined timelines and clear business purposes, as well as deliver within the agreed timeframeProven experience with InfoSec audits and a successful track of record in achieving and maintaining certificationsAbility to lead complex projects and establish collaborative relationships with different teamsDeep technical knowledge of security concepts covering network security, application security, cloud security, and threat managementExcellent problem-solving, analytical, and communication skills.It’s a plus if you hold a CISSP, CISM, CISA or comparable certification. Coding or scripting skills are also welcome.
Expected salary
Location
Amsterdam, Noord-Holland
Job date
Sat, 13 Jul 2024 04:08:38 GMT
To help us track our recruitment effort, please indicate in your email/cover letter where (vacanciesineu.com) you saw this job posting.