Senior Manager, Cybersecurity

A home is the biggest investment most people make, and yet, it doesn’t come with a manual. That's why we’re building the only app homeowners need to effortlessly manage their homes —  knowing what to do, when to do it, and who to hire. With Thumbtack, millions of people care for what matters most, and pros earn billions of dollars through our platform. And as one of the fastest-growing companies in a $500B industry — we must be doing something right. 

We are driven by a common goal and the deep satisfaction that comes from knowing our work supports local economies, helps small businesses grow, and brings homeowners peace of mind. We’re seeking people who continually put our purpose first: advocating for pros and customers, embracing change, and choosing teamwork every day.

At Thumbtack, we're creating a new era of home care. If making an impact and the chance to do good inspires you, join us. Imagine what we’ll build together. 

Thumbtack by the Numbers

• Available nationwide in all 3,143 U.S. counties
• 70 million projects started on Thumbtack
• More than 4 million customers in the last 12 months
• Pros earn billions on our platform
• More than 8 million 5-star reviews for our stellar pros 
• 1000+ employees and $3.2 billion valuation (June, 2021)

About the Information Security Team

Our Information Security team is an internal cybersecurity consultation and audit team for whose mission is to safeguard the confidentiality, integrity, and availability of information systems, identity, and data assets by providing proactive security expertise, creating and maintaining a resilient and secure infrastructure, and fostering a culture of security awareness and compliance throughout Thumbtack. We oversee the development and execution of all cybersecurity programs.

Challenges

Challenges are opportunities in disguise. Some opportunities that you can make a difference:

• People: continue growing the cybersecurity team in size and expertise. You will be challenged to develop existing members’ careers and learn from their expertise. 

• Product: Thumbtack has many product lines. We aim to weave cybersecurity application development best practices into the fabrics of Thumbtack products. 
• Process: continue formalizing many policies, processes, procedures, etc. This is also an opportunity for defining these best practices from the ground up. 

About the Role

As an Information Security Manager, you are a guardian of data and cybersecurity. You can make quick and effective decisions for every information security situation that may arise within the organization. You can provide valuable recommendations to the team and mitigate security risks, thereby providing our employees, pros, and customers the utmost information security they deserve.

Responsibilities

• Lead a team of information security specialists, analysts, engineers
• Monitor regional network, system, and tooling usage to ensure compliance with global security policies
• Partner with IT Systems & Network, IT Endpoint, and Platform Engineering to monitor, assess vulnerabilities and develop and implement plans to improve our security posture
• Perform penetration tests to find any flaws and create mitigation plans
• Simulate security breaches and create disaster recovery plans
• Seek to build in security during the development stages of SaaS/software, systems, networks, and cloud platforms and educate colleagues about security software and best practices for information security
• Document any security breaches, assess their damage and liaise with the concerned government agency if necessary

Must-Have Qualifications 

If you don't think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box, and we're looking for someone excited to join the team.

• Bachelor’s Degree in Information Technology, Computer Science, Computer Engineering, or related fields
• At least eight years of relevant work experience in application and information security, especially in the cloud computing environment 
• At least five years of experience in team management
• Information security certification in CompTIA Security+ is highly preferred.
• Working knowledge of different security technologies and concepts such as but not limited to VA/PT, SIM/SIEM, DLP gateway, and endpoints, IPS/IDS, WAF, CASB, Cloud security, IAM, Cyber Incident Response, Digital Forensics
• Working knowledge of different IT domains – Network, Infrastructure, Systems Administration, Software Development, Database Administration, Change Management, Incident Management
• Strong knowledge and experience in building control frameworks and can design and evaluate the effectiveness of controls in compliance with the United States IS requirements

Nice-to-Have Qualifications

• Information Security Certifications such as CISM, CISA, CISSP, etc.
• Programming knowledge (Golang, Python, PHP, UNIX shell scripting, etc)
• Understanding of IT and information security principles and best practices (e.g., ITIL, ISO 27001)
• PCI-DSS compliance experience and certification

Thumbtack is a virtual-first company, meaning you can live and work from any one of our approved locations across the United States, Ontario or the Philippines. When it is safe to gather, we will begin to host in-person events on a regular basis. Remote employees will be expected to travel occasionally for these events to a Thumbtack library or offsite team-building location. In cities with 5+ employees, we are establishing local communities, where employees can gather for local events. Additionally, employees in the San Francisco, Salt Lake City, Toronto and Manila areas will have opt-in access to communal workspace at one of our Thumbtack libraries. We always prioritize the health and safety of our employees. Currently, participation in these events and Thumbtack library use are optional. Both require employees to be fully vaccinated.

#LI-Remote

• Virtual-first working model coupled with quarterly in-person events and Camp Thumbtack
• 20+ company-wide holidays including two week-long shutdowns
• Libraries (collaborative workspaces) in San Francisco, Salt Lake City, Toronto, and Manila
• Stipends for remote work support, home office set-up and internet
• Subscriptions and Employee Assistance Program for mental health and well-being
• Cell Phone Reimbursement, Thumbtack services (North America only)

Thumbtack embraces diversity. We are proud to be an equal opportunity workplace and do not discriminate on the basis of sex, race, color, age, pregnancy, sexual orientation, gender identity or expression, religion, national origin, ancestry, citizenship, marital status, military or veteran status, genetic information, disability status, or any other characteristic protected by federal, provincial, state, or local law. We also will consider for employment qualified applicants with arrest and conviction records, consistent with applicable law. If you are a California resident, please review information regarding your rights under California privacy laws contained in Thumbtack’s Privacy policy available at https://www.thumbtack.com/privacy/. 

Thumbtack is committed to working with and providing reasonable accommodation to individuals with disabilities. If you would like to request a reasonable accommodation for a medical condition or disability during any part of the application process, please contact recruitingops@thumbtack.com. 

*Currently, Thumbtackers can live anywhere in Ontario or British Columbia, Canada or the Philippines or in any of the following US states: AZ, CA, CO, CT, FL, GA, HI, ID, IL, IN, KS, KY, MD, MA, MI, MN, MO, NE, NV, NH, NJ, NM, NY, NC, OH, OK, OR, PA, SC, TN, TX, UT, VA, WA, WI, Washington DC. Our long term vision is to hire across all of the United States and Canada, but this expansion will take a few years.