IT Security Auditor

  • Bucharest, Romania
  • Employees can work remotely
  • Full-time
  • Department: Infosec

Company Description

About Tradeshift

Tradeshift is a unicorn in the fintech industry. We are disrupting a typically stagnant environment by connecting companies of all sizes and providing them with the platform and network needed to create value from old processes like procurement, invoicing, payments, and workflow. We recognize that business is both messy and social - two revelations that have driven the development of Tradeshift, a platform for all your business interactions. We work hard and our teams have great freedom and responsibility to choose the best solutions, technologies and approaches to evolve the product to the next level.

We believe that being a global, multicultural company is a tremendous strength and we have people working from 18 different countries with hubs in Bucharest, Copenhagen, Kuala Lumpur, and San Francisco. We believe that if we truly focus on how to work distributed and collaborate across locations and (home) offices, we will not only enjoy work more but also build better products for our customers, and ultimately be a better company. 

Job Description

About The Role

We are looking for a strong IT security auditor who will be responsible for ensuring we remain compliant with the various standards required as operators of one of the largest B2B SaaS networks in the world.

A key driver for success will be working collaboratively with the leadership of various departments to solicit input, drive training and awareness, and ensure compliance with policies throughout the year. The role will also be responsible for defining, monitoring and reporting on key metrics related to the overall performance of the IT internal audit program to the Tradeshift CISO.

What You’ll Be Doing

  • Working within the Infosec team to ensure effectiveness of and compliance with our internal audit controls throughout the year
  • Engaging with our auditors to facilitate the annual audit process
  • Validating and evolving policies, standards and procedures to ensure alignment with standards including PCI, SOC 1, SOC 2 and ISO 27001
  • Helping internal teams to refine controls and policies to ensure compliance with requirements in an efficient manner.
  • Collaborating with various technical teams to integrate best practices from NIST, CIS and CSF guidelines into our existing program
  • Defining, monitoring and reporting on key metrics related to the overall performance of the IT internal audit program
  • Driving meaningful discussions across the business to continually move our security posture forward.


Let’s Connect If You Have…

  • A very strong collaborative spirit. We’re all in this together and are all here to make the business succeed. We point out flaws only as part of a discussion to build the solution.
  • Proven ability to run an internal audit function to ensure compliance with PCI, SOC 1, SOC 2 and ISO 27001 standards
  • Experience in performing design and effectiveness testing on different information security standards and controls
  • Knowledge of cloud computing and software development concepts. This requires sufficient technical knowledge to critically discuss engineering proposals for, as an example, hardening containers in Kubernetes to ensure they meet control objectives.
  • A strong background in continuous improvement. Gaps happen. It’s how we respond and use them to get better that matters most.
  • Ability to translate technical requirements for non-technical teams to help them ensure control design and operation meets our needs.
  • One or more relevant industry-standard security certifications highly desired - CISA, CISSP, CRISC or CISM

Additional Information

We value diversity at our company. Tradeshift prohibits unlawful discrimination based on race, color, religion or religious creed, sex, sexual orientation, gender, age, marital status, veteran status, disability status or any other consideration made unlawful by applicable federal, state, or local laws. All your information will be kept confidential according to GDPR guidelines.
