Sr. Information Security Specialist


Full Time Senior-level / Expert
Arm Treasure Data logo
Arm Treasure Data
Apply now Apply later

Posted 1 month ago

Treasure Data began by offering data warehousing and processing services, since then we’ve moved further up the value chain with our Customer Data Platform application (CDP), which is seeing a lot of traction with customers new and old. Moreover, CDP is the fastest growing offering we have and is front and center in most major initiatives across the company.We’re looking for an experienced Sr. Information Security Specialist who is excited to change how we practice and deliver a secure and compliant customer data platform hosted in AWS. In this position, you’ll work with various stakeholders in Security, Engineering, IT, Legal, HR and others to build and maintain the Incident Management, Business Continuity, and External Assurance programs of the SaaS CDP Platform with minimal impact on stakeholder’s workload.
At Treasure Data, we put a great deal of emphasis on collaboration and maintaining an open work environment, regardless of location. We believe employees should not just work but enjoy doing it - appreciating and valuing working alongside your co-workers goes a long way towards that goal and we strongly believe in ensuring that’s always the case.
If this sounds like the kind of opportunity you’ve been looking for, then we’re going to need your resume of course, but more importantly include a short note giving us a sense of why you think you are absolutely the right person for this job and how you are going to meet and exceed the objectives outlined below.
Things you will do•Accountable for effective establishment and pragmatic execution of Incident Management, Business Continuity and External Assurance programs.
Incident Management:•Create, implement, and maintain strategic roadmap. Serve as a specialist for incident and problem management processes, with accountability for process strategy, execution, and continual improvement.•Manage the execution of tabletops, audits, pen tests, vendor deliverables, and process improvements.•Create presentation and awareness material for evangelizing the incident response program.•Monitor internal and external policies for compliance.•Support security Trust and Assurance Team to implement program policy, guidelines, methodology, for developing cross-functional incident management plans.•Plan and validate the organization’s Incident Response plan (IR).•Being able to quickly classify an incident and guide the team towards the necessary course of action.•Work with legal compliance, litigation, and privacy for forensics review of company assets.•Lead and/or participate in incident post mortem and problem management meetings with key partners and service owners to review events and opportunities for ongoing improvement.
Business Continuity:•Work closely with stakeholders to develop and implement a transformative world-class Business Continuity program.•Support security Trust and Assurance Team to implement program policy, guidelines, methodology, for developing cross-functional business continuity plans.•Lead Business Continuity life-cycle engagement for Treasure Data’s multiple regions.•Facilitate the development and execution of Tabletop exercises.•Contribute to the documentation and issuance of program calendars.•Lead activity reporting and driving awareness in the regions.•Support the team to develop and participate in presentations of our business continuity information to stakeholders of all levels.•Assist in the development and conduct of business continuity training and exercises.•Track and report teams’ compliance with BC Guidelines.
External Assurance:•Collaborate with Treasure Data Sales and Customer success to respond to customer and prospect security requirements.•Partner with the Vendor Management group to execute an ongoing vendor monitoring program to ensure technology and security risks are managed on an ongoing basis.•Builds and fosters strong business relationships with partners across Treasure Data’s global footprint.•Review and complete customer assessment questionnaires as well as other security documents such as SOC 1, SOC 2, ISO Certifications and independent Pen Test reports.•Engage with internal and external stakeholders to understand context of the product/service usage and assess the functionality of key information security and privacy controls related to vendor or in-house developed software/systems.
Project Management•Provide Security Steering Committee updates to the Treasure Data security leadership on a monthly basis.•Crafting a technical initiative with clarity on what the initiative is and why we should be working on it.•Clarifying the end state vision of the initiative in certain time intervals (quarter, half, 1-3 years).•Ensuring timely and successful execution which include:•Tracking progress across the organization and teams for tracks of work•Managing cross team dependencies•Unblocking execution•Preventing scope creep•Risk management•Communicating project and initiative plans and progress including:•Roadmaps, weekly, monthly, and quarterly plans•Celebration of wins and creating awareness•Setting expectations and timelines•Updating on status•Highlighting risk•Identifying inefficiencies in processes, products, and technology and driving improvements.•Other activities as required.Your background and skills will include•BS degree in Computer Information Systems or related field.•Organizational savvy to steer peers and leadership toward solutions that carefully balance business, risk, and engineering concerns.•Impact oriented who can identify how initiatives and effort can move the needle for the organization.•Detail oriented and ability to drive initiatives to completion.•Ability to influence various stakeholders including technical leaders and executive management.•Experience with global Business Continuity standards and frameworks.•Experience with Incident Management standards and frameworks.•Experience performing security/vulnerability reviews of AWS services and Mac OSX.•Experience with security automation methodologies and solutions.•Experience with creating or auditing Cyber Security programs.•Experience with Python and Shell scripting (or any other programming language)•Ability to work alone or in teams, with minimal oversight, driving positive results while maintaining attention to detail.•Excellent communication skills (written and verbal) as well as comfort and experience in presentation delivery.•Ability to quickly adapt to shifting priorities, demands, and timelines through analytical and problem-solving capabilities.•Experience working in a start-up environment.•Solid Project Management experience is a must.
Working environmentIf you can see the following as opportunities rather than risks, then this is the role for you. We will provide you with the opportunity to grow and support you in this role.
•There are many opportunities for you to make impacts on Treasure Data, because Treasure Data is still a small organization, the systems and processes are not yet set in stone and our business environment has been changing continuously.•You are expected to come up with different solutions to meet each stage of a growing organization.•Ability to clearly and concisely respond to customers is a must. •Must be process oriented and have the ability to transform ambiguity into repeatable and predictable results. •Must strike a reasonable balance between security, usability and practicality. •Must be biased to action, favor automation and have a keen eye for continual improvement.•This role covers large work and geographical area.
Working at Treasure DataWe are an equal opportunity employer dedicated to building an inclusive and diverse workforce. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.You can expect a work environment where the team is collaborative and open to your ideas, while we keep our collective eye on supporting our customers’ needs.
Our team is committed to technical innovation in our product and in the world through customer collaboration, open-source projects, and by continuing to make our product an integral part of our customers’ growth and success.Agencies and recruiters, we cannot consider your candidate(s) without a contract in place. Any resumes received without having an active agreement will be considered gratis referrals to us. Thank you for your understanding and cooperation.

Job tags: Auditing Audits Automation AWS Compliance Forensics Incident response Python Risk management SaaS SOC 1 SOC 2 Strategy Vendor management
Job region(s): Remote/Anywhere
Job stats:  39  5  0
  • Share this job via
  • or

More Information Security position highlights