Technical Program Manager - Data Security Governance

  • San Francisco, CA
  • Full-time

Company Description

We believe the economy is better when everyone has access. When everyone has room to grow. No one should be left out because the cost is too great or the technology too complex. We started with a little white credit card reader but haven’t stopped there. We’re empowering the independent electrician to send invoices, setting up the favorite food truck with a delivery option, helping the ice cream shop pay its employees, and giving the burgeoning coffee chain capital for a second, third, and fourth location. We’re here to help sellers of all sizes start, run, and grow their business—and helping them grow their business is good business for everyone.

Job Description

An industry leading  commerce ecosystem solution provider in San Francisco, CA seeks Data Security Governance Program Manager. This person will have experience and fluency in the following: governance models, IT audit, regulatory compliance, IT, and security systems.

 

You will:

  • Maintain multiple regulatory security programs, responsible for getting Square successfully through some or all of the following security evaluations: PCI SPoC, PCI PTS, PCI PIN. Common Criteria, EMV. Including;

    • Fully manage the security evaluation process, from setting the budget to negotiating the project deliverables in contractual agreements, to approving the invoices

    • Policy and Procedure management, managing and maintaining useful and audit-ready policies, procedures, diagrams, technical specifications, etc.

    • Track industry changes to technical regulatory standards that would impact audit/governance programs and communicate status/dependencies/risks across multiple teams;

  • Lead technical projects such as:

    • Cross-functional efforts to support the expansion of Square’s infrastructure in a manner that maintains regulatory compliance

    • Penetration testing for specific product security evaluations

  • Offer the following internal services

    • Sales engineering and support for questions on PCI and data security

    • Tier 2-3 customer support for PCI compliance related questions

    • Legal contract review for audit / PCI / security related clauses

    • Translate regulatory standards to a technical and business audience;

    • Work with Square teams to improve internal security controls and corresponding data security and privacy governance programs while balancing business needs against regulatory requirements;

    • Define success metrics, collaborate with multiple departments, communicate issues to executives, manage the reporting process; and

    • Leverage your experience and expertise to inform Square’s industry-leading data security initiatives

  • Industry engagement for data security and governance to inform the next generation of payment security rules and regulations;

    • Support initial security evaluations of new products to allow piloting of new technologies, including build external-facing technical documentation (threat models, security narratives) and negotiating the scope and security testing requirements for the evaluations

    • Maintain relationships with relevant regulatory/industry stakeholders

Qualifications

  • 5+ years of experience in data security and regulatory compliance

  • BA or BS Management Information Systems, Computer Science, various Engineering fields, and/or equivalent technical field experience

  • Experience with: PCI PTS, ISO 27001

  • Relevant Certification (e.g. CISA, CISSP, CRISC, CISM) or equivalent demonstrable expertise

  • Strong analytical, strategic, communication, and project management skills

 

Even better:

  • Experience and expertise in digital payments security.

  • Expertise with hardware security, cryptography, and related compliance (PCI PIN, PCI P2PE, PCI SPoC)

  • Experience with IT-related audits (PCI, SSAE16, ISO27001, Common Criteria EAL2+) and balancing internal engineering and external audit requirements.

  • Familiarity with a wide range of network and application security assessment tools and methodologies

  • Experience in managing and addressing various security control issues in systems such as UNIX, Linux, databases, firewalls, routers, wireless environments, and mobile devices

Additional Information

At Square, our purpose is to empower – within and outside of our walls. In order to build the best tools for the businesses and customers we support all over the world, we have to start at home with a workforce as diverse and empowered as our sellers. To this end, we take great care to evaluate all employees and job applicants equally, based on merit, competence, and qualifications. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or any other characteristic protected by law. We encourage candidates from all backgrounds to apply and always consider qualified applicants with arrest and conviction records, in accordance with the San Francisco Fair Chance Ordinance. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us by sending an email to assistance(at)squareup.com. We will treat your request as confidentially as possible. In your email, please include your name and preferred method of contact, and we will respond as soon as possible.