SpotMe is the leader in enterprise engagement platforms for virtual and hybrid events. Our mission is to challenge the status quo to create greater experiences for customers and employees. SpotMe is used by over 2 million users and 80 Fortune 500 brands like L’Oréal, SAP and Pfizer.
This is a new and exciting time. Virtual is the way people work, meet, and interact. With SpotMe Anywhere, we are not following trends, we are shaping them.
Behind the magic stands a curious, diligent, and humble team of professionals from 30 nationalities. A team that feels a deep pride in the work they do, a team that stayed positive and quickly adapted to the new world. In 8 weeks, we shipped a new product and we have been experiencing a 15x demand since our launch.
If working with our team in shaping the future sounds like the opportunity you're looking for then let us get to know you by submitting your resume. You will be free to decide when you want to work from home, and when you come to the office. In fact, you can work from anywhere you want in Europe or the USA.
In this role, you will be providing support in maturing and optimizing information security and compliance across SpotMe global operations, and reporting directly to the CEO.
- Responsible for SpotMe’s information security programs and strategic projects to further strengthen SpotMe information security governance
- Responsible for the design, implementation, review and audit of new and existing security controls
- Responsible for the ISO27001 certification
- Manage SpotMe’s existing security compliance and audit programs (including SOC 2 reporting, penetration testing, network & vulnerability scanning) as well as customer-initiated audits
- Respond to information security and data privacy due diligence requests from customers
- Conduct risk assessments with internal parties and with 3rd party vendors; monitor and support reporting on risk reduction activities; drive corrective actions to mitigate vulnerability risks
- Support executive and technology management with organization, process and architecture recommendations; define the organizational security posture, best practices, mailing lists and threat intelligence feeds reviews, as well as input to security governance and policy
- Conduct internal audits to ensure that compliance towards established standards is maintained
- Foster a security culture with the teams and deliver annual internal training programs
- Govern disaster recovery (DR) and business continuity (BC) plans and related procedures
- Maintain documentation of projects, plans and actions taken towards information security
- Report to executive and engineering teams on governance and policy violations
Required skills and experience:
- 3+ years of experience in information security, auditing or consulting with high-growth technology businesses
- Understanding of, and implementation experience with ISO 27001:2013 and AICPA SOC 2 attestation standards
- Understanding of, and compliance experience with the EU General Data Protection Regulation (GDPR)
- Knowledge of common vulnerability frameworks and system, application and database hardening techniques and practices
- Knowledge of networking standards (Ethernet, WLAN, TCP/IP, DNS) and Linux networking tools
- CISSP certification or equivalent is required
- Excellent English in verbal and written communications
- Keen to deliver to the highest existing standard with an uncompromised attention to detail
- Deliver on time and to specification levels
- Confident, proactive, self-starter, organized
- Collaborative approach to problem-solving
- This is an independent role that requires a team player for implementation
- Willing and able to take responsibility for his/her actions and for the team delivery
- Curios and open minded
- Excellent listening and communication skills, as well as willingness to help others
- Possesses a solid dose of common sense
Do you want to join us in this exciting adventure? Please do not hesitate to reach out to us.