Sr. Manager, Information Security & Compliance
Something about us...
App Annie is the industry’s most trusted mobile data and analytics platform. Our mission is to help customers create winning mobile experiences and achieve excellence. We created the mobile app data market and are committed to delivering the industry’s most complete mobile performance offering. More than 1,200 enterprise clients and 1 million registered users across the globe and spanning all industries rely on App Annie as the standard to revolutionize their mobile business. We are headquartered in San Francisco with 12 offices worldwide.
Along with a market defining product, we take great pride in our culture and values and strive to embody them daily! We set a high bar for our success and have made Excellence as our standard, hold each other Accountable, continuously push Innovation and Win with Style.
What can you tell your friends when they ask you what you do?
I am responsible for overseeing security assurance programs, reporting on compliance levels, identifying non-compliance issues and security vulnerabilities, and managing remediation activities. An important part of the role is leading the end-to-end process of vulnerability identification, investigation, remediation, verification and continuous process improvement including automation. This mission critical role acts as the central conductor for required technical and project related activities across a matrixed organization. The mission of this position is to build and leverage a Security Assurance program (including vulnerability management) that will proactively reduce cyber risk to the organization.
You will be responsible for and take pride in….
- Coordinate the implementation of System Security programs across Cloud infrastructure platforms and establish continued vulnerability reporting criteria
- Conduct extensive investigations and analysis of largely undefined factors and conditions to determine the nature and scope of System Security problems and devise effective and efficient solutions
- Responsible for reviewing proposed new systems, networks, and software designs for potential System Security risks and resolving integration issues related to the implementation of new systems with the existing Cloud infrastructure
- Conduct the monitoring of new or emerging information technologies to assist in the identification of most effective approach or methodology to be applied in securing the Cloud infrastructures.
- Advise management or decision makers on System Security shortfalls and areas needing improvement or modification
- Implement higher-level System Security requirements such as those resulting from laws, regulations, or Government directives by developing long-range plans for System Security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with Cloud infrastructures’ vulnerabilities
- Ensures forensic and malware analytical activities are conducted within the organizations Cloud infrastructure platforms according to internal standards
- Help drive and support internal privacy programs including the EU-US Privacy Shield and Swiss-US Privacy Shield, etc.
- Lead, coordinate and manage internal and external assessments of lead privacy program and processes.
- Support internal privacy processes such as subject access requests, data records of processing activities, and privacy impact assessments.
- Support the development and maintain privacy documentation such as privacy notices and policies.
- Collaborate with business owners to prioritize projects and solutions to reduce privacy risk and improve compliance.
- Support the review of new product features and designs and provide guidance on requirements impacting App Annie privacy compliance framework.
- Support accurately and effectively App Annie’s privacy program to customers.
- Educate and train process owners about privacy and data protection.
You should recognize yourself in the following…
- Minimum of 5+ years of experience in determining the appropriate System Security products or services with stakeholder Government customers to define a project scope, requirements and deliverables
- Minimum of 5+ years of experience in providing high level technical advice and counsel to top management and other key officials on matters relating to new or modified IT policies and programs that affect or relate to current and existing System Security functions and programs
- Minimum of 5+ years of experience in Privacy, Data Protection, Privacy Engineering, and/or Information Security Compliance.
- Minimum of 3+ years' experience ensuring the confidentiality, availability and integrity of IT systems through full compliance with the Federal Information Security Management Act and IT security policies and standards of various Government customers (i.e. Civil, DoD, USIC)
- Minimum of 3+ years' experience architecting information systems for accreditation under ICD 503, NIST SP 800-53 controls
- BS level technical degree required; Computer Science or Math background preferred
- This position requires that the candidate selected be a U.S. citizen and must currently possess and maintain an active TS/SCI security clearance with polygraph.
- Experience with regional privacy requirements throughout Asia, Europe, and the US and negotiating data protection agreements with customers and vendors.
- Expertise with topics such as EU-US and Swiss-US Privacy Shield, GDPR, data controllers, and data processors.
- Familiarity with security and privacy standards such as SOC, ISO 27001, ISO 27018, EU-US Privacy Shield and Swiss-US Privacy Shield, etc.
- Demonstrated experience in developing and managing a privacy compliance program that balances risk and the needs of the business.
- Experience with Software-as-a-Service or cloud service providers industry challenges.
- Excellent interpersonal, verbal, and written communication skills with the ability to communicate privacy concepts to a broad range of technical and non-technical staff.
- Demonstrated success working with internal audit, external auditors, outside consultants, and legal counsel.
- Equally comfortable working with other members of the team, as well as independently.
- Strong technical foundation to be able to develop App Annie privacy program best practices based on compliance requirements and App Annie systems and processes.
- Ability to manage multiple projects and deliver quality work to deadlines
- CIPP, CIPM, CIPT, CISSP, or other related certifications
- Experience in making recommendations for resolving System Security problems and requirements for multiple platforms that utilize a common Cloud infrastructure that Government customers leverage as an enterprise compute environment
- Delivery - Engagements that include projects proving the use of AWS cloud services to support new secure computing solutions that often span the Governments customers’ enterprise infrastructure. Engagements will include the secure migration of existing applications and development of new applications using AWS cloud services
- Experience in application security architecture, security code reviews, security testing, incident response, or security infrastructure
- Experience working with Risk Management Framework (RMF) and Security Controls Traceability Matrix (SCTM)
- Experience with Amazon Web Services
- Developing and interpreting policies, procedures, and strategies governing the planning and delivery of System Security services throughout an enterprise Cloud infrastructure;
- Providing technical advice, guidance, and recommendations to high level management officials and technical staff on critical System Security issues
- Applying knowledge of IT project management principles, methods, and practices to develop plans and schedules, estimate resource requirements, define milestones and deliverables, monitor activities, and evaluate and report on accomplishments
- Demonstrated experience administering Linux and Windows operating systems in accordance with applicable security controls
What we offer…
- We provide a WFH allowance to set you up for remote work success.
- Internet allowance for stable internet connection, so your video does not freeze on Zoom.
- Flexible working days. We love to meet, but if you need to get your kids behind school-zoom, need to leave early to get to your band repetition or gym classes, do your thing.
- Paid leave, so long as you promise to come back!
- Health and dental benefits.
- An international team of talented and engaged people from different cultural backgrounds and locations.
- Wellbeing allowance for any activity that matters to your wellbeing; (online) gym classes, fitness equipment, mindfulness apps or even childcare support!
- Unlimited access to online learning platform Udemy to help you develop your skills.
- Virtual initiatives and events to keep you connected with your colleagues.
Yes, I want this job!