Are you passionate about privacy and security? (Keep your answer private for now).
Typeform helps people collect data with engaging, friendly forms. And we know that protecting that data is incredibly important for us and our customers.
We were saddened when someone attacked and compromised some of our customers’ data recently. So we want to respond quickly and effectively.
That’s why we’re looking for a Director of Security to build, improve, and maintain the security of our platform.
You will improve predictability and pace of delivery of product development by proactively identifying and addressing security concerns on time within the quarter.
Can you identify and create (or help create) the necessary developer enablers that allow the engineering organization to develop faster and more secure features?
Can you create and drive adoption of the security-related internal standards for engineering?
If yes, yes, and yes, we’d love to hear from you.
Here’s what you’ll do:
Own the internal security programs (i.e. pen testing, bug bounty, open-sourcing) that ensure that our product releases maintain the highest standards of quality.
Identify gaps and roll out new programs to cover them.
Own security operations and SDLC tools to ensure that security issues are found early in the development process. Identify, every quarter, a security monitoring gap and fix it.
Define the necessary policies and take the lead on corporate security breaches.
Work alongside the Director of Infrastructure to define a secure Corporate IT roadmap every quarter.
Lead and define compliance implementation projects (i.e. SOC2, HIPAA) and champion their implementation internally, meeting quarterly commitments.
Set ambitious goals for your team. Keep them engaged and improving themselves quarter over quarter.
Train others to promote information privacy and security awareness within the company.
Help promote security as an integral component of our Typeform brand outside.
Here’s what we’re after:
You have implemented security programs, policies, and procedures to protect company assets.
You have successfully implemented a security framework such as ISO 27001, SOC2, or HIPAA.
You are an advocate for incident response automation.
You understand the current threat landscape and are able to identify what measures should be put in place to protect the business.
You have experience implementing security controls in the cloud.
You are familiar with the latest infrastructure tooling and DevOps practices, such as containers and container orchestration tools, and the challenges of securing them.
You can multitask and prioritize work in a fast-changing environment.
You can influence key stakeholders. You think about business needs and you’re committed to high-quality, fast, and efficient delivery.
You’re all about the team. Go, team. You also leave space for a bit of fun.
And for some added bonus points:
Security certifications such as CISSP, SANS GCIH, GCIA, GCFA, GCFE or anything cloud-related would be a major plus.
You have joined or bootstrapped a security team at a successful, growing startup or scaleup.
You’re particularly interested in privacy.
You’ve worked on an open-source security project and have been to security conferences / meetups.