Employer: Array.com
Array is revolutionizing how businesses leverage and enhance consumer data. Our platform enables innovative companies and developers to seamlessly integrate credit and identity data into their apps, websites or workflows. As a remote-first company, we’re focused on providing opportunities for autonomous individuals to have high levels of impact at the forefront of the fintech space. Continuous improvement, experimentation, and a clear mission stretch us individually and together in service of delivering the best products for our clients and users.
The Information Security Compliance Officer will be responsible for proactively managing Array’s information security risk profile. This position will report to the Director of Information Security.
Responsibilities:
- Maintain Array’s Information Security Compliance program.
- Maintain a proactive & robust fintech control environment that meets/exceeds industry best practices, including PCI DSS and SOC 2 Type 2 compliance.
- Own the development & implementation of security compliance policies that govern Array’s business operations, third party relationships, privacy, business continuity, and other business activities.
- Own and develop the company security training program.
- Work with the engineering & IT teams to mitigate compliance risks and harden the company’s overall risk posture.
- Collaborate with the legal & compliance team to integrate information security compliance policies into the broader set of compliance standards for the company.
- Maintain the incident response procedural playbook.
- Produce & maintain compliance metrics & prioritize activities.
Skills/Qualifications:
- Degree in business IT, systems engineering, information systems, computer science, or other degree.
- 5+ years of work experience in IT Compliance, PCI/SOC Auditing, incident response, NIST & ISO 27001 standards.
- Familiarity with DevSecOps concepts & best practices.
- Strong awareness of cybersecurity trends and hacking/exploitation techniques.
- Strong interest in securing cloud environments.
- Strong interest in developing 3rd party tools integration strategy/policies.
- Pristine attention to detail / analytical.
- Team player; works well with others; can build trust with external clients.
Nice To Haves:
- Knowledge of Cloud Security, Google Cloud Platform security & monitoring.
- Experience securing APIs and hosted infrastructure from cyber exploitation & attack.
- Knowledge of Security Across Multi-Vendor Platforms.
- Experience working in a startup or fast-paced environment.
- Experience with ethical hacking.
- Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), Certified Information Privacy Technologist (CIPT).
- Software development, IT/System administrator, cloud provisioning, cyber security analysis experience.