Manager, Information Security

Toronto, Ontario, Canada

Applications have closed
Localised was established in 2016 and in a short time has become a world leader in local-first ecommerce. With our own all-inclusive global ecommerce platform, we rapidly design, build, operate, optimize and market highly localised country-specific ecommerce sites in foreign markets for coveted brands.

Our team of experts hails from Borderfree, Shopify, Google, Apple, The Walt Disney Company, Alphabet, GAP, H&M, Walmart, Starbucks, Mastercard, Burberry and other leading technology and retail companies. Together, we have reimagined how brands and shoppers transact across borders, languages, currencies and cultures. We help iconic brands go global by being local.

We are what brands expanding globally do next.

We are hiring an Information Security Manager who will report to the Lead Architect.

The successful candidate will be responsible for the effective management of the information security function within the business on a day-to-day basis. You will partner with engineers, administrators, the operations team and the management team to perform the analysis, implementation, maintenance and testing of information security requirements and practices.

Cloud security experience with AWS and office suites such as GSuite is mandatory.

What you’ll be doing:

  • Analyze SOC2 and PCI DSS reports and engage engineering and operations teams to implement security controls and process improvement initiatives.
  • Own and maintain technical security and SOC2 policies and procedures, as well as relationships with security vendors.
  • Review security scan, penetration test, security monitoring and compliance reports on a regular basis.
  • Perform security risk assessments and work with stakeholders to review IT security objectives and goals through interviews and other audit techniques.
  • Participate in data governance and business continuity planning.
  • Review change requests from a security perspective and lead the team through security-related incidents.
  • Perform secure code review and deliver security code training to engineering teams.
  • Implement security monitoring.
  • Keep the company’s security technology and systems current and stay aware of trending security threats.

What we are looking for:

  • Bachelor’s degree in Computer Science, Information Systems or other related field, or equivalent work experience.
  • An expert in cyber security, with hands-on experience managing security standards and requirements across the full software development lifecycle.
  • Hands-on experience with AWS security management using tools such as AWS GuardDuty, Security Hub, Inspector and Detective. Good understanding of AWS services such as S3, Lambda, ECS and Cognito.
  • Hands-on experience with WAF, Access Management, SIEM, Anti-Malware, Vulnerability Scanning, Data Loss Prevention.
  • Previous experience as an Information Security Manager and all aspects of the specified responsibilities.
  • Solid understanding of data security and encryption standards.
  • Experience in one or more scripting languages such as Python.
  • Knowledge of various frameworks and standards, most importantly SOC2 and PCI DSS.
  • Master’s degrees or certifications in information security and management, such as CISSP, CISM, CISA, AWS Certified Security, are an asset.
  • Exposure to international data privacy law is advantageous.
  • High attention to detail & excellent written and oral communications.
  • Coding experience with React, Java, Python, Node.js or application development experience in AWS is a bonus, but not a replacement for security-focused experience.

What we offer:

  • Highly competitive base salary
  • Equity
  • Paid holidays
  • Birthday day off
  • Free food Friday
  • Choice of equipment

What we value:

We seek the truth. We are empathetic. We listen intently. We do not pretend to know when we don’t. We ask questions. We are objective. We are open-minded.

We speak the truth. We are transparent. Opacity takes too much work. We have a point of view. We share our point of view. We say what we mean. We mean what we say.

We optimize for outcomes. We celebrate results. We do things that make a difference. We hold ourselves and each other accountable. We are driven. We know what we need to do. We got this.

We innovate together. We are collaborative. We accomplish more together. Our broad perspective is a superpower. We are clever and resourceful. We solve hard problems in clever ways. We are strength in numbers.

We are brave. We are bold and ambitious. We are adventurous. We choose paths not travelled. We choose the hardest problems. We are the ones in the arena. We are the ones who knock.

The full recruitment and onboarding process will take place remotely due to COVID-19, although we do expect to return to local offices when it is safe to do so.

Tags: AWS CISA CISM CISSP Cloud Compliance Computer Science E-commerce Ecommerce Encryption Governance Java Lambda Malware Monitoring Node.js PCI DSS Privacy Python S3 Scripting SIEM SOC 2

Perks/benefits: Competitive pay Equity Flex vacation Salary bonus

Region: North America
Country: Canada
Category: Leadership Jobs