Sr. Security Engineer Zuora
THIS JOB HAS EXPIRED Responsibilities:
Develop, implement and monitor a strategic, comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed
Provide thoughtful leadership, set architectural strategy, and facilitate best practices that enable
Sparrow to leverage advanced security technologies. Provide strategic and tactical security guidance for all projects, including the evaluation and recommendation of technical controls.
Manage all threats, risks, and vulnerabilities applicable to the business, including evaluation of current state and establishing sufficient mitigation strategies and plans Identify, evaluate, and report on information security risks in a manner that meets compliance and regulatory requirements.
Establish standards for secure application development, including oversight and management of all pertinent security requirements, security testing, and security audits for Zuora?s operations worldwide.
Meets financial requirements by submitting information for budgets, monitoring, and expenses pertaining to the information security program.
Monitor and advise on information security issues related to the systems, processes and product workflow to ensure internal security controls for the company are adequate and operating as intended.
Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
Provide subject matter expertise to executive management on a broad range of information security standards, best practices and frameworks such as PCI, SSAE16, ISO 27001/27002, COBIT, FedRAMP, FISMA, ISAE 3402, and US-EU/US-Swiss Safe Harbor. Manage and drive internal and external audits and assessments toward certification on a timely basis.
Conduct company-wide data classification assessment and security audits and manage remediation plans. Establish standards and processes for global information security incident response.
Collaborate with internal and external stakeholders, such as management, legal, safety and security, and law enforcement agencies to manage security vulnerabilities, threats, and risks.
Establish, manage and maintain a comprehensive global security awareness program
BA or BS in Computer Science, Management Information Systems, or related field. Advanced degree desirable. Eight+ years of progressive experience in computing and information security, including experience with Internet technology, security, and payments. Experience should include security policy development, security education, web application security, network security, network penetration testing, application vulnerability assessments, risk analysis and compliance testing. CISSP required. CISA, CISM, GIAC, SANS, CSA and other security certifications highly desirable. Knowledge of information security standards (e.g., ISO 27001/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., PCI, NIST, NSA, CIS, NVD, etc.) Strong analytical and problem solving skills. Excellent communication (oral, written, presentation), interpersonal and consultative skills.
Web Application Security
IT Compliance Standards (PCI, SSAE16 ISO, ITIL), Security Standards and Policies Security Assessment and Audit Security
Program Management Public Key Infrastructure (PKI)
||1400 Bridge Parkway |
Redwood City, CA 94065
THIS JOB HAS EXPIRED