Data Security and Compliance Program Manager

  • Full-time

Company Description

We started with a simple idea—that everyone should be able to accept credit cards—and we’ve been rethinking buying and selling ever since.

For sellers, we’re creating one cohesive service to run your entire business, from a register in your pocket to analytics on your laptop. For buyers, we’re making it faster to order from the businesses you love and more fun to pay your friends back.

Buying and selling sound like simple things—and they should be. Somewhere along the way, they got complicated. We’re working hard to make commerce easy for everyone.

Job Description

This Data Security and Compliance Program Manager will have experience and fluency in the following: IT audit, regulatory and payment brand compliance, information security, and project management.

You will:

  • Project manage and lead external security assessments (PCI, EMV, Common Criteria)

  • Translate regulatory standards to a technical and business audience

  • Manage variance and exception projects: track progress and testing, and communicate status/dependencies/risks across multiple teams

  • Work with Square teams to improve internal security controls and corresponding data security and privacy compliance programs while balancing business needs against regulatory risks

  • Track industry changes to technical regulatory standards that would impact audit programs

  • Maintain relationships with relevant regulatory/industry authorities and internal clients

  • Define success metrics, collaborate with multiple departments, communicate issues to executives, and manage the reporting process

Qualifications

You have:

  • 5+ years of experience in information security and regulatory compliance

  • BA or BS in Management Information Systems, Computer Science, and/or equivalent technical field experience

  • Experience leading IT-related audits, such as: PCI, ISO 27001, SSAE16

  • Ability to balance internal engineering and external audit requirements

  • Strong analytical, strategic, communication, and project management skills

  • Familiarity with a wide range of network and application security assessment tools and methodologies

Even better:

  • Direct experience with PCI, SSAE16, ISO 27001, and Common Criteria

  • Experience with mobile security

  • Deep understanding of the payments industry and the payment brand rules

  • Experience in managing and addressing various security control issues in systems such as UNIX, Linux, databases, firewalls, routers, wireless environments, and mobile devices

  • Relevant Certifications (e.g. CISA, CISSP, CRISC, CISM)

Additional Information

At Square, we value diversity and always treat all employees and job applicants based on merit, qualifications, competence, and talent. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.
