Security Program Manager - Square, Inc. San Francisco, CA, USA

Listing Description

At Square, Information Security partners with internal teams to help them understand the information security risks of their products and help those teams drive risks down. Remediating known vulnerabilities in a timely manner is one of the most effective ways for teams to reduce the risks within their projects. Further, recognizing the risks that 3rd party suppliers may introduce to a product allows teams to make reasonable risk trade-offs that enable them to ship products securely.

The Security Program Manager owns Square’s vulnerability management program, vendor security management program, and bug bounty program. This individual works through others to reduce risk by ensuring vulnerabilities are closed within agreed-upon SLAs, ensuring 3rd party vendors/software adhere to Square’s security policies, providing feedback and guidance to craft our vendor security policies, and ensuring Square maintains a healthy and productive relationship with external security researchers. Additionally, this individual will provide limited project management support for internal information security projects. This individual will report to the Head of Information Security.

Qualifications

You have:

5+ years of industry experience.

5+ years of project management experience.

Excellent verbal and written communication skills in an engineering environment

Ability to work through others

Strong technical background

Experience in setting up project schedules and breaking down engineering work.

Even better:

Previous experience working in/with an information security team.

Previous experience running a vulnerability management and/or bug bounty program

Hands-on experience with JIRA and other Atlassian products

Hands-on experience with vulnerability scanners

Experience with data visualization (e.g. Looker/Tableau)

Experience with PCI, SOC 2, and ISO 27001 compliance

Reasons you will LOVE this position:

You LOVE working through others.

You have a strong ability to lead without authority and develop consensus.

You are excited by the idea of maturing processes.

You love making metrics move in the right direction.

You LOVE managing multiple, small information security projects.

Reasons you will NOT LOVE this position:

You are uncomfortable working with some ambiguity

You think saying “Because security says so” is enough justification to drive change.

You are uncomfortable working with/talking to engineers

Provide visibility and metrics of the current state of vulnerabilities to stakeholders

Provide oversight and stakeholder accountability of SLAs

Collaborate closely with Information Security peers to help teams understand and resolve complex vulnerabilities

Collaborate with Square engineers to understand, prioritize, and remediate vulnerabilities reported by external security researchers

Collaborate with IT, Engineering, and Procurement to design a vendor security review process that adheres to Square’s security policies while also enabling peers to find the best vendor/solution for their problem.

Provide project management support for up to two information security projects per quarter of medium complexity (3-6 month project duration).


Listing Details

  • Citizenship: No Requirements
  • Incentives: Stock Options
  • Education: Bachelors Degree
  • Travel: Travel 25
  • Telework: Optional Telecommute


