Senior Information Security Manager

A home is the biggest investment most people make, and yet, it doesn't come with a manual. That's why we're building the only app homeowners need to effortlessly manage their homes ?" knowing what to do, when to do it, and who to hire. With Thumbtack, millions of people care for what matters most, and pros earn billions of dollars through our platform. And as one of the fastest-growing companies in a $500B industry ?" we must be doing something right.

We are driven by a common goal and the deep satisfaction that comes from knowing our work supports local economies, helps small businesses grow, and brings homeowners peace of mind. We're seeking people who continually put our purpose first: advocating for pros and customers, embracing change, and choosing teamwork every day.

At Thumbtack, we're creating a new era of home care. If making an impact and the chance to do good inspires you, join us. Imagine what we'll build together.

Thumbtack by the Numbers

• Available nationwide in all 3,143 U.S. counties
• 70 million projects started on Thumbtack
• More than 4 million customers in the last 12 months
• Pros earn billions on our platform
• More than 8 million 5-star reviews for our stellar pros
• 1000+ employees and $3.2 billion valuation (June, 2021)

About the Team

This role will be part of the Global Information Security team. This team consists of a security application engineer, security infrastructure engineer, technical program manager, cyber security analyst, and compliance analyst. This team is in charge of the overall security processes within the organization and ensures alignment with Thumbtack's business objectives. Members of this team are responsible for advocating and educating security best practices throughout the organization.

About the Role

As a Senior Information Security Manager, you are a guardian of data and cybersecurity: you think on your feet and can make quick and effective decisions for every information security situation that may arise within the organization. You are keen on details, have a good understanding of the Philippine Cybersecurity regulations, and can analytically assess processes, systems, data, and events relevant to Information Security. You are able to provide valuable recommendations to the management team and mitigate security risks; thereby contributing to providing our employees, pros, and customers the utmost information security that they deserve.

This role will be an individual contributor with the potential to evolve to a people manager position should there be a need to grow the team, or as may be required by the business in the future.

Key Duties & Responsibilities

As a Senior Information Security Manager, you will be the "Analyst-in-chief" in Thumbtack PH when it comes to assessing an information security situation and responding appropriately. You will own the implementation, execution, and monitoring of Information Security processes and procedures in compliance with Thumbtack's policies and government regulations. You will help in ensuring that the IS Framework, IS Strategic Plan, and IS Programs are aligned with both the Global IS and Thumbtack's business goals.

• Working closely with the Global IS Director, TPH & US IT, and SiteOps Managers
• Monitor regional network, system and tooling usage to ensure compliance with global security policies
• Partner with IT Systems & Network, IT Endpoint, and Platform Engineering to monitor, assess vulnerabilities, develop and implement plans to improve our security posture.
• Keep up to date with developments in IT security standards and threats
• Perform penetration tests to find any flaws and creating mitigation plans
• Simulate security breaches and creating disaster recovery plans
• Collaborate with management and the IT department to improve security
• Seek to build in security during the development stages of SaaS/software, systems, networks, and cloud platforms
• Document any security breaches, assess their damage, and liaise with the concerned government agency if necessary
• Educate colleagues about security software and best practices for information security
• Recommend, test, and evaluate security products as needed

Must-Have Qualifications

If you don't think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box, and we're looking for someone excited to join the team.

• Bachelor's Degree in Information Technology, Computer Science, Computer Engineering, or related fields
• At least 8 years of relevant work experience in IT and Information Security and IT
• IS Certification in CompTIA Security+ is highly preferred
• Working knowledge of different security technologies and concepts such as but not limited to VA/PT, SIM/SIEM, DLP gateway, and endpoints, IPS/IDS, WAF, CASB, Cloud security, IAM, Cyber Incident Response, Digital Forensics
• Working knowledge on different IT domains ?" Network, Infrastructure, Systems Administration, Software Development, Database Administration, Change Management, Incident Management
• Strong knowledge and experience in building control frameworks and has the ability to design and evaluate the effectiveness of controls in compliance with the Philippine IS requirements
• Excellent oral and written communication skills

Nice-to-Have Qualifications

• IS Certifications such as CISM, CISA, CISSP, etc.
• Programming knowledge (Golang, Python, PHP, UNIX shell scripting, etc. )
• Understanding of IT and information security principles and best practices (e.g., ITIL, ISO 27001)
• PCI-DSS compliance experience and certification

Thumbtack is a virtual-first company, meaning you can live and work from any one of our approved locations across the United States, Canada or the Philippines*. When it is safe to gather, we will begin to host in-person events on a regular basis. Remote employees will be expected to travel occasionally for these events to a Thumbtack library or offsite team-building location. In cities with 5+ employees, we are establishing local communities, where employees can gather for local events. Additionally, employees in the San Francisco, Salt Lake City, Toronto and Manila areas will have opt-in access to communal workspace at one of our Thumbtack libraries. We always prioritize the health and safety of our employees. Currently, participation in these events and Thumbtack library use are optional. Both require employees to be fully vaccinated.

#LI-Remote

• Virtual-first working model coupled with quarterly in-person events and Camp Thumbtack
• 20+ company-wide holidays including two week-long shutdowns
• Libraries (collaborative workspaces) in San Francisco, Salt Lake City, Toronto, and Manila
• Stipends for remote work support, home office set-up and internet
• Subscriptions and Employee Assistance Program for mental health and well-being
• Cell Phone Reimbursement, Thumbtack services (North America only)

Thumbtack embraces diversity. We are proud to be an equal opportunity workplace and do not discriminate on the basis of sex, race, color, age, pregnancy, sexual orientation, gender identity or expression, religion, national origin, ancestry, citizenship, marital status, military or veteran status, genetic information, disability status, or any other characteristic protected by federal, provincial, state, or local law. We also will consider for employment qualified applicants with arrest and conviction records, consistent with applicable law. If you are a California resident, please review information regarding your rights under California privacy laws contained in Thumbtack's Privacy policy available at https://www.thumbtack.com/privacy/.

Thumbtack is committed to working with and providing reasonable accommodation to individuals with disabilities. If you would like to request a reasonable accommodation for a medical condition or disability during any part of the application process, please contact recruitingops@thumbtack.com.

*Currently, Thumbtackers can live anywhere in Ontario or British Columbia, Canada or the Philippines or in any of the following US states: AZ, CA, CO, CT, FL, GA, HI, ID, IL, IN, KS, KY, MD, MA, MI, MN, MO, NE, NV, NH, NJ, NM, NY, NC, OH, OK, OR, PA, SC, TN, TX, UT, VA, WA, WI, Washington DC. Our long term vision is to hire across all of the United States and Canada, but this expansion will take a few years.