IT Risk and Compliance Manager
Scalefast helps amazing brands develop a successful Direct-to-Consumer online business. Our next-generation technology platform is built to optimize modern e-commerce. Our end-to-end infrastructure includes global merchant-of-record agreements, fulfillment, subscription, loyalty programs, and finance functions to deliver new revenue and delightful brand experiences with a proven track record with global brands.
At Scalefast we are constantly looking for talented people to join our projects. Our start-up environment is very open-minded, we love to test and implement new ideas. If you think you are ready to enjoy your work and be part of our big family, keep reading to see how you match our current needs.
As a member of the security team at Scalefast, you will be working towards raising the bar on security. We will achieve that by working and collaborating with cross-functional teams to provide guidance on security best practices.
The Security Team is responsible for leading and implementing the various initiatives that relate to improving Scalefast's security.
What do we offer?
- Competitive salary and a career path adapted to each person's abilities and experience within a company that is growing continuously
- 2 days a week working from home
- A flexible schedule and total conciliation between work and family life including reduced timetable during one month in summer
- Become part of a multi-cultural company where you can contribute with your experience and learn from the experience of others
- Work with amazing brands
- Get the opportunity to influence the future of our services and platform
- Excellent working environment with frequent social activities (hackathons, Spartan races, quarterly whole-team social event)
- Central Madrid office located an 8-minute walk from Atocha train station, with a bus stop and BiciMad station right outside the office
- Kitchen and dining facilities as well as a fully stocked games room with games consoles etc. - great to disconnect from work for a while and have fun with your colleagues
- Discounted parking space in the office building if you’re coming by car, bicycle parking for those worried about their carbon footprint
Scalefast is seeking an IT Risk and Compliance Manager to join the Security Team. This person will lead the cybersecurity compliance efforts across all company teams. This includes governance, audits, certifications, policies and awareness programs. Will also be responsible for the maintenance of ISMS. Will work closely with our engineering teams to roll out key policies for the wellbeing and risk mitigation of Scalefast. If you like to work together with project managers to prioritize security within the product strategy and make sure everyone is working in an as safe as possible environment, this role is for you.
- Data classification and governance
- Perform gap assessments and readiness assessments on new/existing compliance programs; including CIS, NIST, ISO, SOC and GDPR
- Support the project management of external audits
- Perform supplier risk assessments
- Perform periodic security & privacy controls review which includes controls testing, compliance report reviews, and documentation reviews
- Assess end-to-end risks and controls with the evaluation of existing processes
- Design, document, and implement new security and compliance processes and protocols
- Maintain controls documentation with SMEs and ensure compliance with Internal and External Audit
- Conduct short-notice compliance audits as required with the utmost flexibility and quality standards Investigate suspicious carrier activity and behavior that could pose a risk to Scalefast, our customers, or others
- Meet individual and team goals with the highest standards and diligence
- Achieve audit productivity and quality standards
- At least 4 years of working experience in IT Compliance or related field is required for this position
- Experience auditing cybersecurity in eCommerce / PCI DSS products
- Hands-on working knowledge and experience of either SOX ITGC, SOC2, or ISO 27K
- Experience with PCI/PADSS, Data Privacy and related security policies, processes, and regulations an advantage
- Previous experience dealing with international different regional legislation and cybersecurity requirements
- Experience and working knowledge of security-related technology (e.g. Identity Management tools, Firewalls, etc.)
- Good project management skills
- Technical understanding of the implications of security controls
- Experience in the cloud environment is a plus. English at a professional level, both written and spoken
- Spanish is a plus