Job Details

Security Compliance Manager

Job Info:

Category: Infrastructure
Company Description: The Best Engineered e-commerce Platform in the World
Salary: Highly Competitive, Depending on Experience
Position Type: Permanent
Job Number: 8575

Job Description:



You will be responsible for managing our continued Information Security Compliance Program.

Our mission is to become the smartest way to shop and save on pretty much anything. Combining a revolutionary pricing engine, a world-class technology and fulfillment platform, and incredible customer service, we've set out to create a new kind of e-commerce. We're passionate about empowering people to live and work brilliant.

About Our Internal Engine:

We're building a new kind of company, and we're building it from the inside out, which means that investing in hiring, developing, and retaining the brightest minds in the world is a top priority. Everything we do is grounded in three simple values: trust, transparency, and fairness. From our business model to our culture, we live our values to the extreme, whether we're dealing with employees, retail partners, or consumers. We believe that happiness is the highest level of success and we want every person that crosses paths with us to achieve it. If you're an ambitious, smart, natural collaborator who likes taking risks, influencing, and innovating in a challenging hyper-growth environment, we'd love to talk to you about joining our team.

About the Job:

The Information Security Compliance Manager will be responsible for demonstrating our commitment to security and privacy within the company and to external parties by driving our continued compliance efforts with external and internal requirements. This includes maintaining the security controls required by PCI, ISO 27001, and other regulatory compliance frameworks.

This role's responsibilities include:

  • Support the identification, implementation, and maintenance of security controls required by PCI, ISO 27001, and other regulatory compliance frameworks in a collaborative manner that supports our business and growth objectives
  • Participate in the development and oversight of required corrective action plans relating to security compliance issues
  • Support security assessments, develop mitigation plans, and work with internal stakeholders to assign responsibility
  • Establish and manage the security risk assessment for new and ongoing projects, and advise on architectures, security, and mitigating controls
  • Understand technical implementation details necessary to assess and design practical security controls
  • Partner with team members and cross-functional groups to ensure programs align with compliance requirements
  • Assist with responding to external requests inquiring about our security program
  • Promote security compliance internally while maintaining our core values of transparency, fairness and trust

About You

  • Experience with PCI Compliance, preferably as an active Internal Security Assessor (ISA) or Qualified Security Assessor (QSA)
  • Deep understanding of PCI Data Security Standards or security frameworks such as ISO 27000 Series, NIST, etc.
  • Experience in performing information security risk assessments
  • Strong foundation in and in-depth technical knowledge of security engineering, computer and network security, authentication, and security controls
  • Strong understanding of most of the following common security compliance frameworks, controls, and best practices: AICPA Trust Principles (SSAE 16 - SOC 2 and 3), OWASP Top 10, SANS CIS Critical Security Controls, regulations governing personally identifiable information (PII), and other applicable regulatory compliance frameworks
  • History of successful engagements with external auditors for various compliance audits
  • 8 - 10 years of experience in information security, preferably in the audit & compliance related field
  • In-depth understanding of network and system security technology and practices across all major computing areas
  • Security certifications desired, such as CISA, CISSP, CISM, CRISC, ISO 27001, etc.
  • Knowledge in cloud computing security environments such as Azure preferred




All qualified candidates are encouraged to apply by submitting their resume as an MS Word document, including a cover letter with a summary of relevant qualifications that clearly highlights any special or relevant experience.

Please Note: All inquiries will be treated with the utmost confidentiality. Your resume will not be submitted to any client company without your prior knowledge and consent.

Contact Recruiter
Senior Technical Recruiter
Andiamo Partners | 90 Broad Street, Suite 1501, New York, NY 10004
