Information Security Manager
SilverStripe is looking for an experienced and talented Information Security Manager (ISM) to join our Wellington-based team.
What you will be doing
As SilverStripe's Information Security Manager (ISM), you will be the go-to person for all things InfoSec. You will work closely alongside the Chief Information Security Officer (CISO) and information security experts from across our Product and Professional Services teams to continually improve security practices at SilverStripe and lead the continuous improvement of our secure design and development methodologies.
You will have a key role in growing and maintaining the trust our clients, partners and stakeholders have in SilverStripe's products and services. You will have oversight of and manage both the long and short term security goals of the company, ensuring that we follow good information security practices and continue to be compliant with relevant regulations, international standards and contractual obligations with both new and existing clients. You will have the ability to understand and prioritise security risks to our organisation and products, and to scope appropriate mitigations.
In addition, you will ensure that all vendors and service providers that undertake work with SilverStripe have IT security standards and policies that meet our security requirements, to ensure the ongoing safety of our company and client data.
You will be responsible for the creation of policies, procedures and other critical documentation related to information security, as well as being able to provide training and/or guidance on these documents as required. As ISM, you will be a trusted advisor for all departments within SilverStripe, so you will be interacting with and working alongside different personalities from day-to-day, from the CEO to Sales; Operations to Professional Services.
Who we are looking for
We need someone who is knowledgeable and and passionate about what they do, while still being open-minded and curious enough to take on other people's ideas and suggestions.
You will be able to pick up technical information quickly and relate it to the work to be undertaken.
You'll be a fantastic team player, who is willing to "get their hands dirty" when needed.
More specifically, you'll need:
- A sound understanding of New Zealand regulations (e.g. Privacy Act, NZISM), international security standards (e.g. ISO/IEC 27001), privacy legislation (e.g. GDPR) and other obligations (e.g. PCI-DSS)
- Knowledge of security architecture and design with hands-on technical understanding of the practical impact of architectural requirements set out
- Knowledge of the deployment and maintenance of both solution and software architecture
- Experience in process improvement, and knowledge of modern project management methodologies, particularly Agile
- Expert knowledge of technical and governance disciplines of information security, risk and audit, and compliance
- Experience implementing and deploying security policies
- Knowledge of corporate procurement and tendering processes
- Knowledge of current security tools, processes and techniques; experience deploying tools, processes and training to demonstrate measurable security benefit
- Excellent interpersonal skills
- Excellent written and verbal communication skills
- The ability to work under pressure and with tight timeframes
- Brilliant organisational skills, and the ability to work on multiple projects at the same time
- Be flexible, adaptable and willing to take on a wide range of tasks
Check out this video for details from our CEO Sam: https://vimeo.com/341263481
Qualifications & Experience
- 3+ years in a Security Consultant, Security Architect or similar role
- Experience in a hands-on technical role, such as a software developer or network engineer
- A technical degree and/or industry recognised qualification is desirable (e.g. CISM, CISA, CRISC, CISSP)
All applications MUST be submitted via our website or this link: https://silverstripe.workable.com/
Applications received through any other channel will not be accepted.
Applications close at 10am, Tuesday 18th June 2019.
We're family friendly
SilverStripe is a grown-up company. We want to create an environment that has all the excitement and intellectual stimulation of a startup but with a sensible business model. We don't have ninjas and rock stars working 80-hour weeks. We do enjoy working with smart people in an efficient and disciplined manner. Many SilverStripers have young families and we strive to support that.
We take professional development seriously
There are plenty of opportunities for learning - we pay for SilverStripers to attend conferences and training; we hold our own monthly Hackdays; and we encourage knowledge sharing through regular internal events like "Show & Tell" and "Lunch & Learn". We've got something on each week. Mostly, you'll be working alongside super smart designers, developers and scrum masters. They'll share their love of the craft and help you grow your skills.
We have an awesome culture
SilverStripe is big on things like building trusting relationships, using technology to solve important problems, and helping others reach their goals. We actively foster a culture that supports our core values of honesty over comfort; adaptability over guarantees; collaboration over control; continuous improvement over perfection and camaraderie over corporate culture. Our culture sets us apart - it's a key reason why people come to SilverStripe and stay here.
At SilverStripe we're passionate about creating an inclusive workplace that promotes and values diversity. Companies that are diverse in age, gender identity, race, sexual orientation, physical or mental ability, ethnicity and perspective are proven to deliver better solutions.