Data Security Governance Specialist

  • Full-time

Company Description

We believe everyone should be able to participate and thrive in the economy. So we’re building tools that make commerce easier and more accessible to all. We started with a little white credit card reader but haven’t stopped there. Our new reader helps our sellers accept chip cards and NFC payments, and our Cash app lets people pay each other back instantly. We’re empowering the independent electrician to send invoices, setting up the favorite food truck with a delivery option, helping the ice cream shop pay its employees, and giving the burgeoning coffee chain capital for a second, third, and fourth location. Let’s shorten the distance between having an idea and making a living from it. We’re here to help sellers of all sizes start, run, and grow their business—and helping them grow their business is good business for everyone.

Job Description

An innovative mobile payments startup in San Francisco, CA seeks a Data Security Governance Specialist. This person will have experience and fluency in the following: governance models, IT audit, regulatory compliance, IT, and security systems.

You will:

  • Maintain multiple regulatory assessments (PCI, EMV, Common Criteria) and translate regulatory standards to a technical and business audience;

  • Manage industry variance projects: track progress and testing, and communicate status/dependencies/risks across multiple teams;

  • Work with Square teams to improve internal security controls and corresponding data security and privacy compliance programs while balancing business needs against regulatory risks;

  • Track industry changes to technical regulatory standards that would impact audit programs;

  • Maintain relationships with relevant regulatory/industry authorities and internal clients; and

  • Define success metrics, collaborate with multiple departments, communicate issues to executives, and manage the reporting process

Qualifications

You have:

  • 5+ years of experience in computer security and regulatory compliance

  • BA or BS in Management Information Systems, Computer Science, and/or equivalent technical field experience

  • Experience with Governance, Risk, and Compliance, including PCI DSS, ISO 27001, SSAE16

  • Relevant Certification (e.g. CISA, CISSP, CRISC, CISM)

  • Strong analytical, strategic, communication, and project management skills

Even better:

  • Expertise in hardware security, cryptography, and related compliance (PCI PTS, PCI PIN, PCI P2PE)

  • Experience with IT-related audits (PCI, SSAE16, ISO27001) and balancing internal engineering and external audit requirements

  • Familiarity with a wide range of network and application security assessment tools and methodologies

  • Experience in managing and addressing various security control issues in systems such as UNIX, Linux, databases, firewalls, routers, wireless environments, and mobile devices

  • If you're a PCI Qualified Security Assessor - QSA, PA-QSA, or P2PE QSA, we want to talk to you

Additional Information

At Square, we value diversity and always treat all employees and job applicants based on merit, qualifications, competence, and talent. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.
