Golang Job: Chief Information Security Officer

Company

Swapcard

Location

Barcelona - Spain

Job type

Full-Time

Golang Job Details

At Swapcard, we build communities by empowering meaningful connections and know it all begins with a strong community of our own. We believe that diverse collaboration brings us closer to embracing change and propels us to form the ideas of tomorrow in an ever-evolving world.

Powered by artificial intelligence, Swapcard is the only end-to-end community platform for virtual and hybrid events. Behind this vision, stands a passionate, curious, and down-to-earth team. We believe an environment of trust, autonomy, and support is integral to our success. As a result of putting people first, career evolution and rapid growth have become regular commodities.

With 42 nationalities amongst a team of more than 200 innovative minds, we enjoy an open-minded environment where opinions and ideas are encouraged and exchanged freely in order to create a product and company we can all be proud of. We’ve also learned that the more moments we share, the more comfortable, communicative, and confident we are when working together. That’s when the real magic occurs.

And the best part? Swapcard offers full remote opportunities, which means you’ll be able to bring your best self to the table no matter where in the world you are located! We fully support and empower an international environment, where all cultures, mindsets, and backgrounds are equally welcome and appreciated.

Our Values
  • Curiosity: Rapid growth and evolution are the results of our endless quest for new knowledge and understanding. We’re interested in our peers and their concerns. Anything novel or innovative excites us.
  • Open-mindedness: Feedback and ideas can be exchanged freely, without being taken personally. We welcome Swapcardians of all sorts and learn from each other’s personal and professional experiences.
  • ✊ Humanity: Empathy encourages a kind and down-to-earth environment where we all feel comfortable and free to be human. We never have to wear a mask or hide who we are.
  • Resilience: We have a desire to win and don’t take no for an answer. We prefer the term “experiment” over “failure”. We are solution-oriented and find innovative approaches to succeed.
  • Ambition: Nothing is impossible. We're always striving to get better, seize opportunities, and reach the top. We are encouraged to dream big and believe in ourselves.

What you'll be doing:

Governance - Build a great security department
  • Define and implement the IS Security strategy
  • Define and maintain IS security policies and processes
  • Maintain SOC 2 Type 2 compliance (year-long audit period)
  • Implement ISO 27001 certification
  • Work with all business units to determine possible risks and risk management processes, deploy a risk analysis methodology (especially cyber).
  • Manage Security product vendors and contracts
  • Manage and organize internal/external audits, including our annual external penetration test
  • Raise security awareness across the company and for each team

Third-party security and internal projects - secure our ecosystem
  • Accompany internal teams to ensure that newly-acquired technology is secure and complies with internal security policies
  • Accompany internal teams on projects to ensure security is taken into account by design

Product Security
  • Help secure our product - via securing our CI/CD pipeline, maintaining our SAST/DAST tools, and securing our infrastructure
  • Help shape security features of our product
  • Review the security of new features
  • Respond to security questionnaires from clients
  • Help customers when there are security escalations

Operational Security
  • Manage our SOC (external provider)
  • Manage our public Bug Bounty program
  • Manage our vulnerability scanning and patching program, including threat intelligence
  • Manage security incidents and response (with help from Engineering team)
  • Manage security crises (with help from all other teams)

Endpoint Protection
  • Manage the security configuration of Endpoint Protection tools deployed by IT team: MDM, EDR, Proxy

Identity and Access Management
  • Manage the security configuration of our IAM tool and downstream applications
  • Help onboard new applications in our IAM tool
  • Conduct access reviews

What you should have:

  • A bachelor's degree in computer science, information technology, or a related field.
  • A minimum of five years' experience in risk management, information security, or programming.
  • Understanding of scripting and source code programming languages, such as Python, Golang, NodeJS.
  • Knowledge of information security management frameworks and certifications such as ISO 27001/2 and SOC 2
  • Experience in managing your own budget
  • Negotiation skills for negotiating contracts and IT/Security support services to be rendered.
  • Excellent understanding of current security-related legislation and regulations relevant to our organization.
  • Excellent project management and leadership skills.
  • First-rate written and verbal communication skills.
  • Experience building a secure and compliance-focused vendor program.
  • Highly motivated, goal-driven, can-do approach.
  • Innovative, entrepreneurial, team player, ability to multi-task.

Reasons to join us

  • International team with 42 nationalities (more on the way!)
  • Remote-first policy with offices in Paris, USA, UAE, CA, UK, & IN
  • Fast-growing startup with many opportunities for growth
  • Open-minded culture that appreciates differences
  • Feedback-driven, supportive & curious team with DIY mindset
  • Family leave and remote work to ensure you have time for what matters most ❤️
  • Generous paid time off program to ensure your happiness
  • Team vacations to celebrate our achievements ✈️