Data Security Audit Program Manager

  • Full-time

Company Description

We believe everyone should be able to participate and thrive in the economy. So we’re building tools that make commerce easier and more accessible to all. We started with a little white credit card reader but haven’t stopped there. Our new reader helps our sellers accept chip cards and NFC payments, and our Cash app lets people pay each other back instantly. We’re empowering the independent electrician to send invoices, setting up the favorite food truck with a delivery option, helping the ice cream shop pay its employees, and giving the burgeoning coffee chain capital for a second, third, and fourth location. Let’s shorten the distance between having an idea and making a living from it. We’re here to help sellers of all sizes start, run, and grow their business—and helping them grow their business is good business for everyone.

Job Description

This person will have experience and fluency in the following: governance models, IT security audit, regulatory compliance, IT, and security systems.

You will:

  • Maintain multiple regulatory assessments (e.g. PCI PTS, P2PE, PCI PIN) and translate regulatory standards to a technical and business audience;
  • Manage industry variance projects and audits: track progress and testing, and communicate status/dependencies/risks across multiple teams;
  • Work with Square teams to improve internal security policies, procedures, controls and corresponding data security and privacy governance programs while balancing business needs against regulatory risks;
  • Track industry changes to technical regulatory standards that would impact audit/governance programs;
  • Maintain relationships with relevant regulatory/industry authorities and internal stakeholders;
  • Support definition and dissemination of success metrics, collaborate with multiple internal teams, communicate issues to both engineers and executives, manage reporting processes; and
  • Leverage your experience and expertise to inform Square’s industry-leading data security initiatives

Qualifications

You have:

  • 5+ years of experience in data security and regulatory compliance
  • BA or BS in Management Information Systems, Computer Science, and/or equivalent technical field experience
  • Experience with: PCI DSS, PCI P2PE, and/or other relevant security specifications
  • Relevant Certification (e.g. CISA, CISSP, CRISC, CISM) or equivalent demonstrable expertise
  • Strong analytical, strategic, communication, and project management skills

Even better:

  • Experience and expertise in digital payments security
  • Experience in mobile device security
  • Expertise with hardware security, cryptography, and related compliance (PCI PTS, PCI PIN, PCI SPoC)
  • Experience with IT related audits (PCI, SSAE16/18, ISO27001) and balancing internal engineering and external audit requirements.
  • Current or former QSA, PA-QSA, P2PE-QSA, and/or PCI PFI
  • Familiarity with a wide range of hardware, network and application security assessment tools and methodologies

Additional Information

At Square, we value diversity and always treat all employees and job applicants based on merit, qualifications, competence, and talent. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.
