Chief Information Security Officer
Barcelona
Swapcard
Manage your in-person and hybrid events in a single, user-friendly app that supports registration, lead generation, networking, and so much more.
Powered by artificial intelligence, Swapcard is the only end-to-end community platform for virtual and hybrid events. Behind this vision stands a passionate, curious, and down-to-earth team. We believe an environment of trust, autonomy, and support is integral to our success. As a result of putting people first, career evolution and rapid growth have become regular commodities.
With 42 nationalities amongst a team of more than 200 innovative minds, we enjoy an open-minded environment where opinions and ideas are encouraged and exchanged freely in order to create a product and company we can all be proud of. We’ve also learned that the more moments we share, the more comfortable, communicative, and confident we are when working together. That’s when the real magic occurs.
And the best part? Swapcard offers full remote opportunities, which means you’ll be able to bring your best self to the table no matter where in the world you are located! We fully support and empower an international environment, where all cultures, mindsets, and backgrounds are equally welcome and appreciated.
Our Values
* 📚 Curiosity: Rapid growth and evolution are the results of our endless quest for new knowledge and understanding. We’re interested in our peers and their concerns. Anything novel or innovative excites us.
* 👽 Open-mindedness: Feedback and ideas can be exchanged freely, without being taken personally. We welcome Swapcardians of all sorts and learn from each other’s personal and professional experiences.
* ✊🏾 Humanity: Empathy encourages a kind and down-to-earth environment where we all feel comfortable and free to be human. We never have to wear a mask or hide who we are.
* 🎯 Resilience: We have a desire to win and don’t take no for an answer. We prefer the term “experiment” over “failure”. We are solution-oriented and find innovative approaches to succeed.
* 🏋🏽♀️ Ambition: Nothing is impossible. We're always striving to get better, seize opportunities, and reach the top. We are encouraged to dream big and believe in ourselves.
What you'll be doing:
Governance - Build a great security department
* Define and implement the IS Security strategy
* Define and maintain IS security policies and processes
* Maintain SOC 2 Type 2 compliance (year-long audit period)
* Implement ISO 27001 certification
* Work with all business units to determine possible risks and risk management processes, deploy a risk analysis methodology (especially cyber).
* Manage Security product vendors and contracts
* Manage and organize internal/external audits, including our annual external penetration test
* Raise security awareness across the company and for each team
Third-party security and internal projects - secure our ecosystem
* Accompany internal teams to ensure that newly-acquired technology is secure and complies with internal security policies
* Accompany internal teams on projects to ensure security is taken into account by design
Product Security
* Help secure our product - via securing our CI/CD pipeline, maintaining our SAST/DAST tools, and securing our infrastructure
* Help shape security features of our product
* Review the security of new features
* Respond to security questionnaires from clients
* Help customers when there are security escalations
Operational Security
* Manage our SOC (external provider)
* Manage our public Bug Bounty program
* Manage our vulnerability scanning and patching program, including threat intelligence
* Manage security incidents and response (with help from Engineering team)
* Manage security crisis (with help from all other teams)
Endpoint Protection
* Manage the security configuration of Endpoint Protection tools deployed by IT team: MDM, EDR, Proxy
Identity and Access Management
* Manage the security configuration of our IAM tool and downstream applications
* Help onboard new applications in our IAM tool
* Conduct access reviews
What you should have:
* A bachelor's degree in computer science, information technology, or a related field.
* A minimum of five years' experience in risk management, information security, or programming.
* Understanding of scripting and source code programming languages, such as Python, Golang, NodeJS.
* Knowledge of information security management frameworks and certifications such as ISO 27001/2 and SOC 2
* Experience in managing your own budget
* Negotiation skills for negotiating contracts and IT/Security support services to be rendered.
* Excellent understanding of current security-related legislation and regulations relevant to our organization.
* Excellent project management and leadership skills.
* First-rate written and verbal communication skills.
* Experience building a secure and compliance-focused vendor program.
* Highly motivated, goal driven, can-do approach.
* Innovative, entrepreneurial, team player, ability to multi-task.
Reasons to join us
* International team with 42 nationalities (more on the way!) 🌍
* Remote-first policy with offices in Paris, USA, UAE, CA, UK, & IN 🇫🇷 🇺🇸 🇦🇪 🇨🇦 🇬🇧 🇮🇳 🇸🇬
* Fast-growing startup with many opportunities for growth 🌱
* Open-minded culture that appreciates differences 👽
* Feedback driven, supportive & curious team with DIY mindset 🤔 🛠
* Family leave and remote work to ensure you have time for what matters most ❤️ 🏡
* Generous paid time off program to ensure your happiness 🎁
* Team vacations to celebrate our achievements ✈️
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Artificial Intelligence Audits CI/CD CISO Compliance Computer Science DAST EDR Golang Governance IAM ISO 27001 Node.js Product security Python Risk analysis Risk management SAST Scripting Security strategy SOC SOC 2 Strategy Threat intelligence
Perks/benefits: Career development Startup environment Team events