This job has expired, please see additional jobs below
Information Security Risk and Compliance Manager
Airbnb
San Francisco, CA, United States
Job Details
Airbnb’s mission is to create a world where people can Belong Anywhere. Airbnb is looking to hire a talented Information Security Risk and Compliance Manager who can help the core Information Security team support the rest of the business.
Responsibilities:
There are initially two core responsibilities for this role. The first is understanding and coordinating the fulfillment of information security compliance requirements across the company. The role will involve:
• Defining information security compliance requirements collaboratively with the Payments Compliance, Legal and Security teams
• Identifying practices that don’t adhere to defined compliance requirements and prioritizing the highest-leverage projects to remediate risk
• Management of multiple simultaneous compliance initiatives and roadmapping requirements into a prioritized list of executable projects
• Clearly communicating and tracking both risks and progress across projects
• Long-term accountability for information security compliance between and through annual audits
• Building a risk management program
Success will be satisfying compliance requirements in a way that also helps us achieve our top existing security priorities. To do that effectively, the ideal candidate has strong technical experience to understand the existing initiatives and constraints.
The second core responsibility is managing vendor security assessments. This will involve managing risk assessments for a vendor and mapping out security gaps between the vendor and Airbnb’s security goals. The ideal candidate will help us prioritize a roadmap to mature the program.
We are looking for someone who has:
• 7+ years of information security experience
• Experience working with external auditors on compliance initiatives, or experience being an external auditor
• Led multiple major cross-organizational initiatives, ideally in support of information security compliance (e.g. PCI, ISO 27001, HIPAA, SOC2, SOX). Specific experience working with engineering, legal, and finance is beneficial
• Experience building risk management programs for organizations
• Experience working on a defensive security engineering team as a security specialist is desirable
Benefits:
• Stock
• Competitive salaries
• Quarterly employee travel coupon
• Paid time off
• Medical, dental, & vision insurance
• Life insurance and disability benefits
• Fitness Discounts
• 401K
• Flexible Spending Accounts
• Apple equipment
• Commuter Subsidies
• Community Involvement (4 hours per month to give back to the community)
• Company sponsored tech talks and happy hours
• Much more...