Information Security Manager
San Francisco, Austin, or Remote
Shippo
Shippo is the best multi-carrier shipping software for e-commerce businesses. Find the best shipping rates, integrate with e-commerce platforms, print shipping labels, track package delivery, and verify addresses with either our shipping API or...
At Shippo, our goal is to level the playing field by providing businesses access to shipping tools and terms that would not be available to them otherwise.
Shippo lowers the barriers to shipping for businesses around the world. As free and fast shipping becomes the norm, better access to shipping is a competitive advantage for businesses. Through Shippo, e-commerce businesses, marketplaces, and platforms are able to connect to multiple shipping carriers around the world from one API and dashboard. Businesses can get shipping rates, print labels, automate international documents, track shipments, and facilitate returns.
Internally, we think of Shippo as the building blocks of shipping. Shippos are a diverse set of individuals. We look for cultural and skill fit in every new person. Join us to build the foundations of something great, roll up your sleeves, and get important work done every day. Founded in 2013, we are a proud team based out of San Francisco. Shippo’s investors include D1 Capital Partners, Bessemer Venture Partners, Union Square Ventures, Uncork Capital, VersionOne Ventures, FundersClub, and others.
About the Role
As an Information Security Manager at Shippo, you will help secure our systems by designing and creating software, processes and policies, and championing their adoption across engineering and the rest of the company. You are responsible for ensuring that Shippo’s corporate and production systems exceed industry security and compliance standards by implementing security measures to monitor and protect sensitive data and systems.
Responsibilities
- Develop and maintain Shippo’s security roadmap
- Perform security risk assessments to identify gaps, develop recommendations, and drive remediation of those gaps to completion
- Conduct company-wide information security awareness training
- Draft and maintain information security standards, policies and best practices
- Develop processes, code, or systems that mitigate and prevent vulnerabilities
- Manage the security bug backlog with dev teams
- Advise teams on developing pragmatic solutions that achieve business requirements and also maintain acceptable levels of risk
- Evangelize security best practices across the organization
- Collaborate with dev teams to apply a shift-left security strategy in the development lifecycle
- Respond to security audits and security assessment requests
- Analyze, assess, and respond to various internet threats
- Conduct regular security assessments and penetration tests
- Set up secure access to cloud production services for administration, deployment, configuration, and debugging
- Conduct in-depth security reviews of core corporate and production infrastructure
- Manage Shippo’s bug bounty program
Requirements
- Minimum 3 years of experience in a combination of risk management, information security and security engineering roles
- BS or MS degree in Computer Science or equivalent experience
- Relevant experience managing security on cloud computing platforms (e.g. AWS, Azure, GCP)
- Proven expertise in system and network security including authentication and security protocols, cryptography, intrusion detection systems (IDS), firewalls, VPNs, and both wireless and wired security
- Experience building security programs and developing policies, standards and procedures
- Experience with handling incident responses and leading Security Incident Response Teams
- Certification in one or more technical information security disciplines (e.g. CISSP, SSCP, CCSP)
- Relevant experience working in the SaaS industry with a deep understanding of regulatory frameworks such as ISO, GDPR, etc. is highly desired
- Experience with bug bounty programs
- Deep understanding of customer needs and passion for customer success
- Exceptional verbal, written, and interpersonal communication skills
Benefits
- Healthcare coverage for medical, dental, and vision (90% covered by the company, incl. dependents)
- Take-as-much-as-you-need vacation policy + flexible work hours
- Fun team events outside of work hours
- Awesome people that care about Shippo's mission, product and team
- $2,500 annual budget for professional development
Tags: APIs Audits AWS Azure CCSP CISSP Cloud Compliance Computer Science Cryptography E-commerce Firewalls GCP GDPR IDS Incident response Intrusion detection Network security Risk management SaaS Security assessment Security strategy SSCP Strategy VPN Vulnerabilities
Perks/benefits: Career development Flex hours Flex vacation Health care Team events