Information Security Manager

San Francisco, Austin, or Remote

Applications have closed

Shippo

Shippo is the best multi-carrier shipping software for e-commerce businesses. Find the best shipping rates, integrate with e-commerce platforms, print shipping labels, track package delivery, and verify addresses with either our shipping API or...

Before you read on, take a look around you. Chances are, pretty much everything you see has been shipped, often multiple times, in order to get there. E-commerce is exploding, and with it, parcel shipping is becoming a meaningful factor in a business' ability to succeed. Creating a compelling shipping experience for customers is hard but necessary.
At Shippo, our goal is to level the playing field by providing businesses access to shipping tools and terms that would not be available to them otherwise.
Shippo lowers the barriers to shipping for businesses around the world. As free and fast shipping becomes the norm, better access to shipping is a competitive advantage for businesses. Through Shippo, e-commerce businesses, marketplaces, and platforms are able to connect to multiple shipping carriers around the world from one API and dashboard. Businesses can get shipping rates, print labels, automate international documents, track shipments, and facilitate returns.
Internally, we think of Shippo as the building blocks of shipping. Shippos are a diverse set of individuals. We look for cultural and skill fit in every new person. Join us to build the foundations of something great, roll up your sleeves, and get important work done every day. Founded in 2013, we are a proud team based out of San Francisco. Shippo’s investors include D1 Capital Partners, Bessemer Venture Partners, Union Square Ventures, Uncork Capital, VersionOne Ventures, FundersClub, and others.
About the Role
As an Information Security Manager at Shippo, you will help secure our systems by designing and creating software, processes and policies, and championing their adoption across engineering and the rest of the company. You are responsible for ensuring that Shippo’s corporate and production systems exceed industry security and compliance standards by implementing security measures to monitor and protect sensitive data and systems. 

Responsibilities

  • Develop and maintain Shippo’s security roadmap
  • Perform security risk assessments to identify gaps, come up with recommendations and drive the gaps to completion
  • Conduct company-wide information security awareness training
  • Draft and maintain information security standards, policies and best practices
  • Develop processes, code, or systems that mitigate and prevent vulnerabilities
  • Manage the security bug backlog with dev teams
  • Advise teams on developing pragmatic solutions that achieve business requirements and also maintain acceptable levels of risk
  • Evangelize security best practices across the organization
  • Collaborate with dev teams to apply a shift-left security strategy in the development lifecycle
  • Respond to security audits and security assessment requests
  • Analyze, assess, and respond to various internet threats
  • Conduct regular security assessments and penetration tests
  • Set up secure access to cloud production services for administration, deployment, configuration, and debugging
  • Conduct in-depth security reviews of core corporate and production infrastructure
  • Manage Shippo’s bug bounty program

Requirements

  • Minimum 3 years of experience in a combination of risk management, information security and security engineering roles
  • BS or MS degree in Computer Science or equivalent experience
  • Relevant experience managing security on cloud computing platforms (e.g. AWS, Azure, GCP)
  • Proven expertise in system and network security including authentication and security protocols, cryptography, intrusion detection systems (IDS), firewalls, VPNs, and both wireless and wired security
  • Experience building security programs and developing policies, standards and procedures
  • Experience with handling incident responses and leading Security Incident Response Teams
  • Certification in one or more technical information security disciplines (e.g. CISSP, SSCP, CCSP)
  • Relevant experience working in the SaaS industry with a deep understanding of regulatory frameworks such as ISO, GDPR, etc. is highly desired
  • Experience with bug bounty programs
  • Deep understanding of customer needs and passion for customer success
  • Exceptional verbal, written, and interpersonal communication skills

Benefits

  • Healthcare coverage for medical, dental, and vision (90% covered by the company, incl. dependents)
  • Take-as-much-as-you-need vacation policy + flexible work hours
  • Fun team events outside of work hours
  • Awesome people that care about Shippo's mission, product and team
  • $2,500 annual budget for professional development

Tags: APIs Audits AWS Azure CCSP CISSP Cloud Compliance Computer Science Cryptography E-commerce Firewalls GCP GDPR IDS Incident response Intrusion detection Network security Risk management SaaS Security assessment Security strategy SSCP Strategy VPN Vulnerabilities

Perks/benefits: Career development Flex hours Flex vacation Health care Team events

Regions: Remote/Anywhere North America
Country: United States
Category: Leadership Jobs
