See all jobs
Feb 3rd, 2022
Senior Information Security Risk Manager
Full Time
Spreedly is the world’s first, and leading, Payments Orchestration solution. Our vision is that the world is better with a diversified, inclusive payment ecosystem. Our mission is to accelerate commerce with an open, secure, and flexible payment platform that welcomes all payment participants. Backed by Spectrum Equity, with a $75M investment, Spreedly is experiencing rapid growth.
Connecting to multiple payment services, known as payment orchestration, is the new standard. With Spreedly’s PCI-compliant cloud solution, merchants can connect to multiple payment services simultaneously, optimize their payment stack, control card data, and accept alternative payment types.
Our employees help us execute against our vision through building a culture focused on autonomy, transparency, and collaboration in a dynamic, high-growth organization.
The Senior Information Security Risk Manager is a key member of the Information Security team and works closely with cross-functional engineering and business-led teams to ensure that the Spreedly environment is effectively maintaining and protecting applications, infrastructure, and business functions in accordance with information security governance process, policies, standards, and compliance requirements so that the risk is managed appropriately. The candidate will work autonomously in developing and implementing several areas of the Information Security programs including but not limited to:
•Information security vendor due diligence
•Customer inquiries regarding the information security program and controls
•Risk assessment and management
•Cyber security awareness, training, and education
•Maintenance and enhancement of information security controls
•Business continuity planning
•Security compliance
•Crisis and incident response
Responsibilities Include
- Act as the lead for the key components of the information security program which will include several domains including vendor due diligence, supporting customer inquiries, risk management, awareness activities, control assessment, business continuity plan management, and security compliance needs
- Drive various new and emergent information security initiatives as we grow and mature as an organization
- Act as an information security liaison for the team supporting internal and external facing needs
What You Bring
- 5 years minimum of information security experience focused on governance, risk and compliance, and/or IT audit
- Prior experience in the financial services industry
- Extensive experience with information security frameworks, control frameworks, and regulations (NIST CSF, ISO-27001, NIST 800-53, GDPR, CCPA, CCM, etc.)
- CISSP, CRISC, or CISA certification preferred
- ITIL foundation certification preferred; experience with managing crisis, IT, and cyber security incidents
- The ability to operate autonomously, sorting your own immediate priorities out of the ever-shifting needs of a startup environment
- Flexibility, approachability, and creativity in conducting and completing work in a collaborative environment
- Detail and process-oriented mindset
- Willingness to be a generalist and dig into new things you've never done before
- Excellent written communications and an inclination to use them to document your work as necessary
- Readiness to work cross-functionally across a variety of internal teams
- A holistic approach to problem-solving with scalability in mind
Spreedly is an equal opportunity employer. We are committed to fostering, cultivating and preserving a culture of diversity, equity and inclusion. We actively work to drive out even unintentional discrimination in our hiring processes via practices like blindly graded work samples, structured interviews, and diversity awareness training.
Due to the sensitive nature of what Spreedly does- handling payment data- candidates must complete a successful background check. If you have concerns along those lines, please discuss with us sooner rather than later- we do not want you to waste time in the hiring process and get disqualified at the end if we can help it.
Spreedly has implemented a mandatory COVID-19 vaccination policy for all in office and in-person company meetings, including mandatory quarterly all hands event.
Some of our positions are open to remote applicants. If this is the case it will be sited in the job posting just below the position name. Unless otherwise stated, remote positions are open to candidates in the contiguous US only. We are not set up to support remote employees from CA, NY, or outside the contiguous US. All applicants must have a US work visa.
We appreciate your interest in our company. Because of the high volume of resume flow, we may only respond to those candidates that we think will be a potential fit.