Head Of Security
Remote job description
We are on a mission to liberate businesses and people to do their best work.
We are an ambitious, international team with more than 30 nationalities represented today. We believe that people do their best work when they're given the freedom to thrive and grow. Thinking big, bringing a positive attitude, and taking full ownership are three characteristics that thread our team together.
Founded in 2016 Spendesk today serves thousands of businesses in Europe and the US, and we recently raised a further ?100m investment bringing our series C funding to over ?200m and in the process becoming one of Europe's latest Tech Unicorns. Our team of 350+ Spendeskers is spread across four offices in Paris, Berlin, London and San Francisco, alongside many teammates working remotely from various cities in Europe.
And we're growing fast. Come join us!
Spendesk is looking for a Head of Security to implement Spendesk's cybersecurity strategy. We are looking for an experienced leader with strong technical skills who will help develop the security technology.
As Head of, you will report to the Director of Engineering ad will help build and develop the team, and implementing the right level of security for Spendesk. Your role is to enable Spendesk engineering team to increase velocity while building a secure platform for our customers, partners and Spendesk.
You are expected to work in close collaboration with our clients, business leaders, legal, IT, developer, infra teams.
The role is 360, we expect our new Head Of Security to be able to own every topic related to security. Here is a non-exhaustive list.
Build long term Security Roadmap
- Implement clear, efficient, and non-obtrusive information security in both governance and operations.
- Manage Spendesk cyber risks management process and work to minimize possible business - impacts/breach scenarios.
- Deploy, Integrate, operate security tools and solutions, or coordinate cybersecurity services vendors in daily operations.
- Ensure robust vendor management and cyber due diligence processes applications.
- Be part of the interview process for new security hire.
- Define the interview process and hire the team you need.
Compliance and Regulation
- Achieve Spendesk's goal to get ISO27001 certified in 2022.
- Manage and help achieve regulatory compliance jointly with the legal team (Data Privacy, Payment).
- Work closely with business directors, dev, and ops teams to ensure projects are risk assessed and a suitable SDLC is implemented.
- Coach key operational stakeholders on security topics.
- Define a strategy to secure offices and IT resources like laptops.
- Identify, contain and resolve security incidents
- Define crisis management processes.
What we are looking for
- A bachelor degree of computer science or equivalent technical degree is required. A masters in an equivalent field is preferred.
- At least 5 years of professional experience in cybersecurity.
- Proven operational experience in a cybersecurity branch (organizational and/or technical).
- Robust technical knowledge (previous experience in defensive, SOC or offensive operations is a big plus).
- Specific knowledge and experience with one or several of the following frameworks: GDPR, Anti Money Laundering, PCI DSS, ISO 27001 is important.
- Knowledge of Cloud security challenges and specific AWS security mechanisms, best practices, and tools.
- CISSP certification would be ideal.
- ISO 27001 Lead Implementer/Auditor certification is a real plus.
- Pentest certifications are appreciated but not mandatory.
- Habits of staying up to date with the threat landscape by reading specific cybersecurity sources online, participating to cybersecurity events and/or ideally contributing to the online cybersecurity community.
- As we are an international team, please submit your application and CV in English.
- Exciting time to join Spendesk in terms of growth and opportunities
- Competitive compensation package with equity (everyone is an owner of the company!)
- Flexible and remote-friendly work environment
- The best equipment for your needs (Macbook Pro, secondary screen, ...)
- Internal social events (hackathon, company-wide parties, offsite, ...)
- Brand-new offices in the heart of Paris, Berlin & London
- A purple Spendesk card (for your work purchases)!
- And more!
What you can expect from the process:
- 1. A video call with one of our Talent Acquisition Partners to fully understand your career aspirations and answer any questions you have
- 2. A series of videos calls with members of the team to align on what they will expect from you, and assess your technical skills and job fit
- 3. A final video call with the Hiring Manager, Head-Of, or C-Level (CEO included) to review any remaining questions
Company name: Spendesk
Remote job title: Head Of Security
Job tags: saas / subscription, business services