Technical Program Manager - Data Security Governance

  • San Francisco, CA
  • Full-time

Company Description

We believe the economy is better when everyone has access. When everyone has room to grow. No one should be left out because the cost is too great or the technology too complex. We started with a little white credit card reader but haven’t stopped there. We’re empowering the independent electrician to send invoices, setting up the favorite food truck with a delivery option, helping the ice cream shop pay its employees, and giving the burgeoning coffee chain capital for a second, third, and fourth location. We’re here to help sellers of all sizes start, run, and grow their business—and helping them grow their business is good business for everyone.

Job Description

An industry-leading commerce ecosystem solution provider in San Francisco, CA seeks a Data Security Governance Technical Program Manager. This person will have experience and fluency in the following: project management, IT audit, regulatory compliance, and common platform security controls.

You will:

  • Lead cross-functional, high-impact technical projects such as:

    • Managing the security- and compliance-focused efforts for new products, new features, new markets, new regulatory obligations, or the expansion of Square's infrastructure.

    • Manage penetration testing and related technical evaluations for specific product security evaluations or broad enterprise testing

    • Security-focused audits and assessments such as PCI DSS, SSAE18, and internal control reviews.

    • Foundational or iterative updates to security/compliance controls including initial planning, tracking execution, and final documentation

  • Manage and constantly improve projects and programs supporting the following internal services:

    • Sales engineering and support for questions on PCI and data security

    • Tier 2-3 customer support for PCI and security inquiries

    • Legal contract review for audit / PCI / security related clauses

    • Translate regulatory standards to a technical and business audience

    • Vulnerability Management program

    • Vendor Security Review and Third-Party Risk Management program

    • Work with Square teams to improve internal security controls and corresponding data security and privacy governance programs while balancing business needs against regulatory requirements;

    • Define success metrics, collaborate with multiple departments, communicate issues to executives, manage the reporting process; and

    • Leverage your experience and expertise to inform Square's industry-leading data security initiatives

  • Manage projects and programs for industry engagement for data security and governance to inform the next generation of payment security rules and regulations;

    • Support initial security evaluations of new products to allow piloting of new technologies, including building external-facing technical documentation (threat models, security narratives) and negotiating the scope and security testing requirements for the evaluations

    • Maintain relationships with internal teams, internal PMs, and relevant external regulatory/industry stakeholders

    • Continuous engagement with the payments and security industry through various task forces, working groups, requests for comment/feedback, and direct engagement through conferences, meetups, presentations, and other events.

  • Manage, maintain, and constantly improve multiple regulatory security programs with a focus on clear and concise program documentation, automation, and other efficiencies to minimize manual effort required to maintain security/compliance controls and audit burden.

Qualifications

You have:

  • 5+ years of experience in project and program management, preferably with experience in data security and regulatory compliance

  • Willingness and ability to deliver a broad spectrum of work from baseline administrative logistics to strategic planning 

  • Curiosity and eagerness to learn - Square's omnichannel offerings come with a complex security landscape and extensive regulatory compliance obligations

  • Familiarity with: PCI DSS, ISO 27001, SSAE18, or other compliance standards and frameworks 

  • Strong analytical, strategic, communication, and project management skills

Even better:

  • Experience and expertise in digital payments security.

  • Relevant Certification (e.g. PMP, CISA, CISSP) or equivalent demonstrable expertise

  • Experience with IT-related audits (PCI, SSAE16, ISO27001, Common Criteria EAL2+) and balancing internal engineering and external audit requirements.

  • Familiarity with a wide range of network and application security assessment tools and methodologies

Additional Information

At Square, our purpose is to empower – within and outside of our walls. In order to build the best tools for the businesses and customers we support all over the world, we have to start at home with a workforce as diverse and empowered as our sellers. To this end, we take great care to evaluate all employees and job applicants equally, based on merit, competence, and qualifications. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or any other characteristic protected by law. We encourage candidates from all backgrounds to apply and always consider qualified applicants with arrest and conviction records, in accordance with the San Francisco Fair Chance Ordinance.

Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us by sending an email to assistance(at)squareup.com. We will treat your request as confidentially as possible. In your email, please include your name and preferred method of contact, and we will respond as soon as possible.

Perks

At Square, we want you to be well and thrive. Our global benefits package includes: Healthcare coverage, Retirement Plans, Employee Stock Purchase Program, Meal reimbursements, Wellness perks, Paid parental leave, Flexible time off, Learning and Development resources