Technical Program Manager - Data Security Governance
- Full-time
Company Description
We believe the economy is better when everyone has access. When everyone has room to grow. No one should be left out because the cost is too great or the technology too complex. We started with a little white credit card reader but haven’t stopped there. We’re empowering the independent electrician to send invoices, setting up the favorite food truck with a delivery option, helping the ice cream shop pay its employees, and giving the burgeoning coffee chain capital for a second, third, and fourth location. We’re here to help sellers of all sizes start, run, and grow their business—and helping them grow their business is good business for everyone.
Job Description
An industry-leading commerce ecosystem solution provider in San Francisco, CA seeks a Data Security Governance Technical Program Manager. This person will have experience and fluency in the following: project management, IT audit, regulatory compliance, and common platform security controls.
You will:
Lead cross-functional, high-impact technical projects such as:
Managing the security- and compliance-focused efforts for new products, new features, new markets, new regulatory obligations, or the expansion of Square's infrastructure.
Manage penetration testing and related technical evaluations for specific product security evaluations or broad enterprise testing
Security-focused audits and assessments such as PCI DSS, SSAE18, and internal control reviews.
Foundational or iterative updates to security/compliance controls including initial planning, tracking execution, and final documentation
Manage and constantly improve projects and programs supporting the following internal services:
Sales engineering and support for questions on PCI and data security
Tier 2-3 customer support for PCI and security inquiries
Legal contract review for audit / PCI / security related clauses
Translate regulatory standards to a technical and business audience
Vulnerability Management program
Vendor Security Review and Third-Party Risk Management program
Work with Square teams to improve internal security controls and corresponding data security and privacy governance programs while balancing business needs against regulatory requirements;
Define success metrics, collaborate with multiple departments, communicate issues to executives, manage the reporting process; and
Leverage your experience and expertise to inform Square's industry-leading data security initiatives
Manage projects and programs for Industry engagement for data security and governance to inform the next generation of payment security rules and regulations;
Support initial security evaluations of new products to allow piloting of new technologies, including building external-facing technical documentation (threat models, security narratives) and negotiating the scope and security testing requirements for the evaluations
Maintain relationships with internal teams, internal PMs, and relevant external regulatory/industry stakeholders
Continuous engagement with the payments and security industry through various task forces, working groups, requests for comment/feedback, and direct engagement through conferences, meetups, presentations, and other events.
Manage, maintain, and constantly improve multiple regulatory security programs with a focus on clear and concise program documentation, automation, and other efficiencies to minimize manual effort required to maintain security/compliance controls and audit burden.
Qualifications
You have:
5+ years of experience in project and program management, preferably with experience in data security and regulatory compliance
Willingness and ability to deliver a broad spectrum of work from baseline administrative logistics to strategic planning
Curiosity and eagerness to learn - Square's omnichannel offerings come with a complex security landscape and extensive regulatory compliance obligations
Familiarity with: PCI DSS, ISO 27001, SSAE18, or other compliance standards and frameworks
Strong analytical, strategic, communication, and project management skills
Even better:
Experience and expertise in digital payments security.
Relevant Certification (e.g. PMP, CISA, CISSP) or equivalent demonstrable expertise
Experience with IT-related audits (PCI, SSAE16, ISO27001, Common Criteria EAL2+) and balancing internal engineering and external audit requirements.
Familiarity with a wide range of network and application security assessment tools and methodologies
Additional Information
At Square, our purpose is to empower – within and outside of our walls. In order to build the best tools for the businesses and customers we support all over the world, we have to start at home with a workforce as diverse and empowered as our sellers. To this end, we take great care to evaluate all employees and job applicants equally, based on merit, competence, and qualifications. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or any other characteristic protected by law. We encourage candidates from all backgrounds to apply and always consider qualified applicants with arrest and conviction records, in accordance with the San Francisco Fair Chance Ordinance. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us by sending an email to assistance(at)squareup.com. We will treat your request as confidentially as possible. In your email, please include your name and preferred method of contact, and we will respond as soon as possible.
Perks
At Square, we want you to be well and thrive. Our global benefits package includes:
Healthcare coverage
Retirement Plans
Employee Stock Purchase Program
Meal reimbursements
Wellness perks
Paid parental leave
Flexible time off
Learning and Development resources