Security Lead
Boston, MA, United States
Shopify
Company Description
About Shopify
Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. Since 2006, we’ve grown to over 10,000 employees and generated over $500 billion in sales for millions of merchants in 175 countries. Every 28 seconds, an entrepreneur on Shopify makes their first sale.
This is life-defining work that directly impacts people’s lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices instead of an elite option.
About you
Moving at our pace brings a lot of change, complexity, and ambiguity—and a little bit of chaos. Shopifolk thrive on that and are comfortable being uncomfortable. That means Shopify is not the right place for everyone.
Before you apply, consider if you can:
- Care deeply about what you do and about making commerce better for everyone
- Excel by seeking professional and personal hypergrowth
- Keep up with an unrelenting pace (the week, not the quarter)
- Be resilient and resourceful in the face of ambiguity and thrive on (rather than endure) change
- Bring critical thought and opinion — and embrace differences and disagreement to get shit done and move forward
- Work digital-first for your daily work
Job Description
The Security Lead designs, develops, and maintains product and organizational security policies, processes and artifacts. The Security Lead owns management of the portfolio of SaaS tools used across the broader organization. The Security Lead guides and governs the implementation and maintenance of security and customer privacy across the organization's tools and product. This position works interdepartmentally within Logistics by Shopify to accomplish goals.
Job Responsibilities:
- Act as Product Security representative and subject matter expert to all groups within Logistics by Shopify.
- Work closely with leadership and work teams to implement security controls in product development and operational security activities.
- Participate in design and cyber security risk reviews to ensure appropriate security controls are implemented.
- Guide software development and architecture documentation related to product security (software requirements specifications, software architecture diagrams, risk mitigation traceability).
- Monitor and communicate security key performance and key risk indicators.
- Identify, implement and maintain the company information security and privacy policies in coordination with company senior leadership and legal counsel.
- Oversees, directs, delivers, or ensures delivery of security and/or privacy training and orientation to all employees, and applicable business associates.
- Lead incident response teams to contain, investigate and prevent future device/system security breaches.
- Manages a small team of specialists to execute and drive outcomes.
- Maintains current knowledge of applicable international, federal and state privacy laws and accreditation standards, and monitors advancements in information security technologies to ensure organizational adaptation and compliance.
- Serves as the contact point for any security and privacy related inquiries for customers.
Qualifications
- Bachelor’s degree or higher in a technical discipline and at least 5 years’ experience in security and privacy related matters.
- CISSP certification, with software development one of the two core areas
- Strong experience with system and software development processes and compliance policies (ISMS)
- Knowledge of CCPA, GDPR and other government technology/security and privacy related laws, standards and regulations and their impact on product architecture, functionality and operational processes.
- Demonstrated abilities in problem-solving and analysis: identifies issues, analyzes information to assess root cause and relationships, risks, and potential risk responses; proven ability to synthesize and summarize complex data into concise recommendations and reports.
- Demonstrated organization, facilitation, communication, and presentation skills.
- Knowledge of ISO27001 and SOC2 certifications, from implementation to maintenance
Additional Information
All your information will be kept confidential according to EEO guidelines.
Tags: CCPA CISSP Compliance GDPR Incident response ISMS ISO 27001 Privacy Product security SaaS SOC 2