Senior Information Security Manager
We’re the technology leader building the modern home management platform. Today, millions of people use Thumbtack to effortlessly manage their homes. We help them confidently know what to do, when to do it and who to hire.
Our goal is simple: to be the only platform homeowners need to fix, maintain and improve their homes. As a long-term partner for homeowners, our promise is to turn what was once confusing and intimidating into something straightforward — and a lot less stressful.
At Thumbtack, we're not just creating a new era of homeownership. We’re supporting local economies and building stronger communities. Each day, we connect local professionals across America with busy homeowners so they can grow their businesses.
Thumbtack is for everyone. Our customers and pros come from all walks of life and every county in the country. We want our team to reflect that. If you come from an underrepresented background in tech, we strongly encourage you to apply.
Our North Star is bright and our ambitions are big. We’ve been at this for over a decade, but the way we see it: we’re just getting started.
Thumbtack by the Numbers
- Available in all 3,143 U.S. counties.
- Nearly 4.5 million customers in the last 12 months
- Hundreds of thousands of local professionals on our platform
- 65 million projects started on Thumbtack
- Over 7 million 5-star reviews left for stellar pros
About the TPH Site Operations Team
This role will be part of the TPH Site Operations team, the shared services unit of Thumbtack Philippines enabling value delivery via effective governance of business operations that are utilized by multiple divisions within Thumbtack, globally. The team focuses on providing cost-efficient and high-quality specialized services (IT & BusApps, WFM, Finance, Risk and Compliance, Project Management, and Marketing) within the required or agreed service level agreements for specific tasks and/or projects within the organization.
Functionally, this role will be reporting to the Global IS team in charge of the overall security processes within the organization and ensures alignment with Thumbtack’s business objectives
About the Role
As a Senior Information Security Manager, you are a guardian of data and cybersecurity: you think on your feet and can make quick and effective decisions for every information security situation that may arise within the organization. You are keen on details, have a good understanding of the Philippine Cybersecurity regulations, and can analytically assess processes, systems, data, and events relevant to Information Security. You are able to provide valuable recommendations to the management team and mitigate security risks; thereby contributing to providing our employees, pros, and customers the utmost information security that they deserve.
This role will be an individual contributor with the potential to evolve to a people manager position should there be a need to grow the team, or as may be required by the business in the future.
As a Senior Information Security Manager, you will be the “Analyst-in-chief” in Thumbtack PH when it comes to assessing an information security situation and responding appropriately. You will own the implementation, execution, and monitoring of Information Security processes and procedures in compliance with Thumbtack’s policies and government regulations. You will help in ensuring that the IS Framework, IS Strategic Plan, and IS Programs are aligned with both the Global IS and Thumbtack’s business goals.
- Working closely with the Global IS Director, TPH IT, and SiteOps Managers
- Identifying vulnerabilities in the organization’s current network system and infrastructure
- Developing and implementing a comprehensive plan to secure the organization’s computing network
- Monitoring network usage to ensure compliance with security policies
- Keeping up to date with developments in IT security standards and threats
- Performing penetration tests to find any flaws and creating mitigation plans
- Simulating security breaches and creating disaster recovery plans
- Collaborating with management and the IT department to improve security
- Seeking to build in security during the development stages of software systems, networks, and data centers
- Documenting any security breaches, assessing their damage, and liaising with the concerned government agency if necessary
- Educating colleagues about security software and best practices for information security
- Recommending, testing, and evaluating security products as needed
Key Objectives of the role
- Establish and continually improve the standards and practices of Information Security Management for Thumbtack Philippines
- Create and Implement Risk / Control Monitoring Framework: Coordinate the development and monitoring of key performance indicators (KPI) as well as key risk indicators (KRIs) that are mapped to various risks and controls to determine elevations in risk, the effectiveness of controls, and to proactively implement risk and control mitigation measures
- Establish a Computer Emergency Response Team (CERT) to act as an escalation point for Information Security breaches in compliance with the DICT and NPC requirements
- Create and implement an effective audit process to identify Information Security violations, vulnerabilities, and risks, and recommend or implement appropriate long-term corrective measures
If you don't think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box, and we're looking for someone excited to join the team.
- Bachelor’s Degree in Information Technology, Computer Science, Computer Engineering, or related fields
- At least 85 years of relevant work experience in IT and Information Security
- IS Certification in CompTIA Security+
- Working knowledge of different security technologies and concepts such as but not limited to VA, PT, SIM/SIEM, DLP gateway, and endpoints, IPS/IDS, WAF, CASB, Cloud security, IAM, Cyber Incident Response, Digital Forensics
- Working knowledge on different IT domains – Network, Infrastructure, Systems Administration, Software Development, Database Administration, Change Management, Incident Management
- Strong knowledge and experience in building control frameworks and has the ability to design and evaluate the effectiveness of controls in compliance with the Philippine IS requirements
- Excellent oral and written communication skills
- IS Certifications such as Security+, CISM, CISA, CISSP, etc.
- Programming knowledge (Java, PHP, C++, Scripting, etc.)
- Understanding of IT and information security principles and best practices (e.g., ITIL, ISO 27001)
- PCI-DSS compliance experience and certification
- Target start date is in January 2022
More About Us
Thumbtack is a technology leader building the modern home management platform. Through the Thumbtack app, homeowners can effortlessly manage their homes — confidently knowing what to do, when to do it, and who to hire. Bringing the $500 billion home services industry online, Thumbtack empowers millions of homeowners to fix, maintain, and improve their most valuable asset.
Founded in 2008, Thumbtack is backed by over $500 million in funding from folks that include Sequoia Capital, CapitalG, Tiger Global Management, Javelin Investment Partners, Baillie Gifford.
- See what it’s like to work here
- Meet the pros who inspire us
- Follow us on LinkedIn
- Discover our virtual first plan
Thumbtack is a virtual-first company, meaning you can live and work from any one of our approved locations across the United States, Ontario or the Philippines. When it is safe to gather, we will begin to host in-person events on a regular basis. Remote employees will be expected to travel occasionally for these events to a Thumbtack library or offsite team-building location. In cities with 5+ employees, we are establishing local communities, where employees can gather for local events. Additionally, employees in the San Francisco, Salt Lake City, Toronto and Manila areas will have opt-in access to communal workspace at one of our Thumbtack libraries.
Thumbtack embraces diversity. We are proud to be an equal opportunity workplace and do not discriminate on the basis of sex, race, color, age, sexual orientation, gender identity, religion, national origin, citizenship, marital status, veteran status, or disability status.
Explore more Information Security career opportunities
- Open SOC Analyst Jobs
- Open Principal Security Engineer Jobs
- Open Threat Intelligence Response Analyst Jobs
- Open Vulnerability Analyst Jobs
- Open Information Security Architect Jobs
- Open Senior Penetration Tester Jobs
- Open IT Security Engineer Jobs
- Open Senior Infrastructure Security Engineer Jobs
- Open Software Security Engineer Jobs
- Open IAM Engineer Jobs
- Open Senior Information Security Engineer Jobs
- Open Personnel Security Officer Jobs
- Open Sr. Product Security Engineer Jobs
- Open Infrastructure Security Engineer Jobs
- Open Senior Incident Response Analyst Jobs
- Open Chief Information Security Officer Jobs
- Open Cybersecurity Analyst Jobs
- Open Staff Security Engineer Jobs
- Open Senior Information Security Analyst Jobs
- Open Information Security Officer Jobs
- Open Sr. Software Engineer - Detection Engineering Jobs
- Open Cyber Security Architect Jobs
- Open Staff Engineer, Cloud Security Jobs
- Open Cybersecurity Engineer Jobs
- Open Threat Intelligence Analyst Jobs
- Open Kubernetes-related jobs
- Open Clearance-related jobs
- Open PCI-related jobs
- Open Open Source-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open Machine Learning-related jobs
- Open IDS-related jobs
- Open Splunk-related jobs
- Open Ruby-related jobs
- Open Intrusion detection-related jobs
- Open OSCP-related jobs
- Open Security assessments-related jobs
- Open Encryption-related jobs
- Open Docker-related jobs
- Open Threat detection-related jobs
- Open IPS-related jobs
- Open TCP/IP-related jobs
- Open HIPAA-related jobs
- Open Cryptography-related jobs
- Open Unix-related jobs
- Open DevSecOps-related jobs
- Open GDPR-related jobs
- Open PowerShell-related jobs