Information Security Specialist

Zürich, Switzerland

At Beekeeper we take our customers’ trust in us extremely seriously. That is why security and privacy have always been top priorities and we pride ourselves on offering best-in-class security solutions, as well as staying abreast of key security certifications and standards. As we continue our growth journey, we are creating a new role to oversee our security efforts across the organisation.

As an Information Security Specialist at Beekeeper you will be responsible for implementing, managing and developing world-class security capabilities to ensure that our security program adequately addresses the needs and expectations of customers, regulators, auditors and senior management, whilst balancing the broader strategic requirements of the business.

You will work closely with engineering, risk & compliance, security professionals both within and outside the IT organisation, and others to support effective information security risk management and establish measurable controls and policies that support and comply with relevant regulations and standards.

Your Responsibilities

  • Threat Modelling: Develop and drive execution of systematic threat modelling on Beekeeper’s product platform (infra & application), organisation and growing ecosystem (esp. our marketplace and open API) and derive strategic mitigation solutions
  • Centralized Control Center - Product security: Work closely with engineering to design and implement strategic initiatives to uplift Beekeeper’s centralized control center, including (1) monitoring & alerting for both customers & DevOps incl. cloud configurations, data leakage, behavioural analytics and SIEM integration, as well as (2) improvements required for a scalable IAM monitoring solution incl. privileged access management and permission management 
  • Crown Jewel Protection: Develop and implement a hardening standard for Beekeeper’s crown jewel assets and help build organisational resilience through robust business continuity / disaster recovery planning and management.
  • Best practice & readiness: You are responsible for evaluating new security technologies for competitive advantage, developing a world-class security architecture as well as for preparing and maintaining organisational readiness for certifications, audits and a potential IPO.
  • Information security risk management: support overall company risk management efforts with information security specific risk identification, assessment and mitigation
  • Education, Awareness and Training: develop and manage a continuous program to effectively train and communicate with the technical and non-technical workforce to exhibit secure behaviors and create a strong security culture
  • Assurance & KPI: build up an automated cyber assurance and KPI reporting capability and monitor situational awareness on the current state of Beekeeper security
  • Information security management system: manage, maintain and document the security controls that protect the confidentiality, integrity, and availability of information from threats and vulnerabilities within our ISMS. 
  • External stakeholder relationships and certifications: representing security externally to prospects, customers and other key external stakeholders, keeping up to date with current and impending industry security standards and certifications

What we look for in you

  • Bachelor’s degree in relevant field
  • 5+ years of information technology, risk and security experience with demonstrated knowledge of information security management and governance, cloud security, IT risk assessment and management, as well as leading service delivery and security operations
  • Excellent verbal and written communication skills in English, with the ability to present complex technical issues in a succinct and easily understandable way to a variety of internal and external audiences, including senior management
  • Strong people management skills, especially in a matrix environment managing cross functional teams and programmes
  • Outstanding organisational and planning skills, ability to cope with high volumes of work and tight deadlines
  • Ability to switch between strategic thinking and practical implementation, not afraid to roll up sleeves and get stuck in, whilst also keeping the strategic perspective at all times
  • Practical knowledge and cloud service provider certifications for AWS and GCP
  • Practical experience with common information security management frameworks, in particular ISO 27001 and CSA CCM
  • Industry recognised information security certifications (e.g. Certified Information Security Professional/CISSP, Certified Information Security Manager/CISM, Certified Information Security Auditor/CISA)
  • Sound knowledge of current and emerging data protection regulations in our core markets (GDPR, CCPA, Swiss Federal Act on Data Protection etc.)

Bonus Points

  • IT infrastructure and operations experience
  • Working experience in a technology or SaaS company

Tags: Analytics APIs Audits AWS CCPA CISA CISM CISSP Cloud Compliance DevOps GCP GDPR Governance IAM ISMS ISO 27001 IT infrastructure Monitoring Privacy Product security Risk assessment Risk management SaaS SIEM Vulnerabilities

Perks/benefits: Startup environment

Region: Europe
Country: Switzerland