Why PlanetScale Security?
PlanetScale’s Security team is responsible for our corporate Information Security Program. The goal of the program is to reduce risks in our systems, and to establish trust in our product offerings, features, and cloud services. Our work is focused on both our internal employees and our external customers/partners. Our Information Security program is being established and built as we go. With this comes a high level of autonomy and the opportunity to be seen as a true subject matter expert.
Our Security and Compliance Manager will be a thought leader, consultant, and subject matter expert. This role will collaborate across the organization in the development, implementation, and regular assessment of our security, privacy, and compliance practices (PCI DSS, COSO, or NIST). You will coordinate efforts for audits, responses, and overall improvements. This will be an intellectually challenging position with a high level of ambiguity and complex problem solving.
What’s the job to be done?
- Establish corporate policies, procedures, and best practices regarding security, compliance, and privacy.
- Establish, track, and report key performance indicators to your stakeholders on a regular basis.
- Be the main point of contact for Security/IT for audits/assessments, including audit plan preparation, review of documentation and evidence, evaluation of procedures, and interviews.
- Work collaboratively with internal teams (IT, Engineering, Legal, and People) to identify, manage, and implement solutions related to privacy, data protection risks, and compliance requirements to help meet stakeholder expectations.
- Prepare, review and approve assessment reports.
- Provide leadership and guidance to key stakeholders on questions or issues related to security, privacy, and compliance.
- Continuous professional development in order to stay abreast of any changes to compliance and legal requirements.
- Understand our business needs and partner with internal customers, cross-functional teams, and third parties to find creative solutions to complex problems.
- Leverage knowledge of industry standards and best practices to assess the current state of security and compliance risks, identify areas of exposure, and address the gaps by implementing remediating controls.
- Prioritize improvements and conduct compliance projects to reduce risk and improve regulatory compliance.
These attributes best describe you…
- This position is ideal for a builder or self-starter interested in working at a high-tech startup who recognizes the opportunity for broad exposure.
- You are highly organized and able to operate in ambiguous or changing situations.
- You thrive in an environment of cross-department collaboration.
- You exhibit an entrepreneurial mindset, and start-up/dive-right-in mentality with a positive, go-getter attitude.
- You have a passion to lead programs that directly impact and enable our organization to drive higher levels of success.
- You want to work in a fast-moving rocketship, own and design programs, and make a significant impact on the success of the business.
- You challenge the status quo while building strong relationships.
What you will need
- Minimum of five years' experience in a role focused on security, privacy, and/or compliance.
- Excellent interpersonal, verbal, and written communication skills, with the ability to communicate compliance and privacy related concepts to a broad range of technical and non-technical stakeholders.
- Successful experience working, collaborating, and establishing credibility and relationships with senior leadership, colleagues, and customers.
- Demonstrated success working with external auditors, outside consultants, and legal affairs.
- Experience with or knowledge of security risk assessments and gap analysis.
- Experience with PCI DSS and one or more IT security compliance frameworks, such as HITRUST, NIST CSF, or COSO.
- Experience performing IT security risk assessments and gap analysis.
- Experience preparing, presenting, and reporting to a broad range of stakeholders.
- Experience with and knowledge of the cloud space (AWS, Azure, GCP).
- Certified Information Systems Security Professional (CISSP) preferred; CISA or CISM also considered.
- Ability to build high-trust relationships and credibility quickly.
What else will help you be successful
- Experience working in a remote organization.
- Basic knowledge of open source development and communities.
- Exposure to relational databases and software development.
- Recent experience as an auditor, particularly as a PCI QSA.
At PlanetScale we believe in supporting people to do their best work and thrive no matter the location. Our mission is to build a diverse, equitable, and inclusive company. We strive to build an inclusive environment where all people feel that they are equally respected and valued, whether they are a candidate or an employee. We welcome applicants of any educational background, gender identity and expression, sexual orientation, religion, ethnicity, age, citizenship, socioeconomic status, disability, pregnancy status, and veteran status.
If you need any accommodations, please inform our Talent Acquisition team upon initial contact. We are happy to accommodate!