Information Security Engineer

At Talkdesk, we are courageous innovators focused on redefining customer experience, making the impossible possible for companies globally. We champion an inclusive and diverse culture representative of the communities in which we live and serve. And, we give back to our community by volunteering our time, supporting non-profits and minimizing our global footprint. Each day, thousands of employees, customers and partners all over the world trust Talkdesk to deliver a better way to great experiences. 

We are recognized as a cloud contact center leader by many of the most influential research organizations, including Gartner and Forrester. With $498 million in total funding, a valuation of more than $10 Billion, and a ranking of #8 on the Forbes Cloud 100 list, now is the time to be part of the Talkdesk legacy to help accelerate our success in a new decade of transformational growth.

Talkdesk is currently seeking a Information Security Risk and Operations Analyst to join our Information Security team. The right candidate will be a key driver of information security strategy, prioritization efforts, and will help improve the Information Security Program at Talkdesk. The analyst will work to secure the environment using a defense in-depth approach while enabling Talkdesk to provide effective and secure services.

This individual will use a risk-based approach in evaluating the effectiveness of security capabilities against industry accepted standards and security frameworks. They are responsible for evaluating and enhancing the overall security posture and program at Talkdesk. The Analyst will work collaboratively with technology and application owners to drive adherence to secure and consistent management and configuration practices. They will also provide guidance and subject matter expertise to business and senior leadership stakeholders in maintaining a secure environment.

The Analyst will assist in reporting to senior management on the overall program health, key metrics, and milestones and liaising with other teams to ensure adherence to information security inquiries and requirements. They will lead third party risk management efforts to ensure that third parties meet our security requirements and drive the Talkdesk’s incident management program to ensure effective identification and remediation of incidents throughout the environment.

Who you're committed to being:

• Forward-thinking, phenomenal at multitasking and ready to handle the often unexpected demands facing a growing, global company
• Strong communicator who can get the point across quickly and optimally no matter the audience
• Open to being challenged and crafting solutions that drive business results while protecting the company
• Reliable, trusted partner and able to collaborate across teams and regions
• Self-starter who is not afraid to dive in and navigate thorny or novel problems

What you'll own:

• Perform third party security reviews as part of the risk management program and serve as a cyber risk subject matter expert for third parties
• Conduct periodic cyber security training to new staff as well and ensuring content stays relevant and up to date
• Assist in performing control testing on periodic basis and ensuring status of controls is maintained
• Audit systems and create security baselines for Talkdesk used systems
• Research the latest risk trends in IT / Cybersecurity and recommend enhancements to the risk management program
• Assist in policy / standard training and awareness campaigns throughout the year. In addition, primarily responsible for providing input into key technology and security policies and standards
• Help with Role Based Access Control (RBAC) IDP implementation and ensure that it is is kept updated
• Contribute to the maintenance and assessment of the Incident Response Plan
• Develop, implement and assess procedures related to incident handling
• Identify, analyze, mitigate and communicate cybersecurity incidents
• Measure cybersecurity incidents detection and response effectiveness
• Evaluate the resilience of the cybersecurity controls and mitigation actions taken after a cybersecurity or data breach incident
• Adopt and develop incident handling testing techniques
• Establish procedures for incident results analysis and incident handling reporting
• Document incident results analysis and incident handling actions
• Create new Playbooks and Runbooks, according to Talkdesk Incident Response Plan
• Manage Talkdesk technological Security Stack (EDR, DLP, SIEM)
• Respond to tickets associated with security issues and risks

Experience you'll need:

• Bachelor’s Degree in Computer Science, Information Security and Risk Management, Information Systems, Engineering, Business or related major or commensurate experience
• 3-5+ years of security risk management and controls experience
• Experience in testing the design and effectiveness of controls and providing recommendations to the business for remediation
• Working knowledge of security frameworks and regulations (e.g, NIST, PCI, SOC2, GLBA)
• Familiarity with cloud technology, vendor risk management platforms (e.g., Onetrust), and SOC technologies (EDR, DLP, SIEM)
• Strong interpersonal and communication skills
• Problem solving skills and ability to work in a dynamic environment

The Talkdesk story hinges on empathy and acceptance. It is the shared goal among all Talkdeskers to empower a new kind of customer hero through our innovative software solution, and we firmly believe that the best path to success for our mission is inclusivity, diversity, and genuine acceptance. To that end, we will hire, promote, work along, cheer for, bond with, and warmly welcome into the Talkdesk family all persons without regard to ethnic and racial identity, indigenous heritage, national origin, religion, gender, gender identity, gender expression, sexual orientation, age, disability, marital status, veteran status, genetic information, or any other legally protected status.