Security Lead

Boston, MA, United States

Applications have closed

Shopify

Try Shopify free and start a business or grow an existing one. Get more than ecommerce software with tools to manage every part of your business.

Company Description

About Shopify

Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. Since 2006, we’ve grown to over 10,000 employees and generated over $500 billion in sales for millions of merchants in 175 countries. Every 28 seconds, an entrepreneur on Shopify makes their first sale.

This is life-defining work that directly impacts people’s lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices instead of an elite option.

About you

Moving at our pace brings a lot of change, complexity, and ambiguity—and a little bit of chaos. Shopifolk thrive on that and are comfortable being uncomfortable. That means Shopify is not the right place for everyone.

Before you apply, consider if you can:

  • Care deeply about what you do and about making commerce better for everyone
  • Excel by seeking professional and personal hypergrowth
  • Keep up with an unrelenting pace (the week, not the quarter)
  • Be resilient and resourceful in the face of ambiguity and thrive on (rather than endure) change
  • Bring critical thought and opinion — and embrace differences and disagreement to get shit done and move forward
  • Work digital-first for your daily work

Job Description

The Security Lead designs, develops, and maintains product and organizational security policies, processes and artifacts. The Security Lead owns management of the portfolio of SaaS Tools used across the broader organization. The Security Lead guides and governs the implementation and maintenance of security and customer privacy across the organization's tools and product. This position works interdepartmentally within Logistics by Shopify to accomplish goals.

Job Responsibilities:

  • Act as Product Security representative and subject matter expert to all groups within Logistics by Shopify.
  • Work closely with leadership and work teams to implement security controls in product development and operational security activities.
  • Participate in design and cyber security risk reviews to ensure appropriate security controls are implemented.
  • Guide software development and architecture documentation related to product security (software requirements specifications, software architecture diagrams, risk mitigation traceability).
  • Monitor and communicate security key performance and key risk indicators.
  • Identify, implement and maintain the company information security and privacy policies in coordination with company senior leadership and legal counsel.
  • Oversees, directs, delivers, or ensures delivery of security and/or privacy training and orientation to all employees, and applicable business associates.
  • Lead incident response teams to contain, investigate and prevent future device/system security breaches.
  • Manages a small team of specialists to execute and drive outcomes.
  • Maintains current knowledge of applicable international, federal and state privacy laws and accreditation standards, and monitors advancements in information security technologies to ensure organizational adaptation and compliance.
  • Serves as the contact point for any security and privacy related inquiries for customers.

Qualifications

  • Bachelor’s degree or higher in a technical discipline and at least 5 years’ experience in security and privacy related matters.
  • CISSP certification, with software development one of the two core areas
  • Strong experience with system and software development processes and compliance policies (ISMS)
  • Knowledge of CCPA, GDPR and other government technology/security and privacy related laws, standards and regulations and their impact on product architecture, functionality and operational processes.
  • Demonstrated abilities in problem-solving and analysis: identifies issues, analyzes information to assess root cause and relationships, risks, and potential risk responses; proven ability to synthesize and summarize complex data into concise recommendations and reports.
  • Demonstrated organization, facilitation, communication, and presentation skills.
  • Knowledge of ISO27001 and SOC2 certifications, from implementation to maintenance

Additional Information

All your information will be kept confidential according to EEO guidelines.

Tags: CCPA CISSP Compliance GDPR Incident response ISMS ISO 27001 Privacy Product security SaaS SOC 2

Region: North America
Country: United States
Category: Leadership Jobs
