Security Compliance Officer

Silverfin

Région

N/A

As our security professional, you should be providing tooling, processes, and guidance to help product managers, developers, and operations follow good security practices when designing a new system.

We're looking for someone who doesn't do security but enables security throughout our whole pipeline.

We feel as if security is undergoing the same type of revolution operations did back in 2009 with DevOps (agile systems administration). We're looking for someone who understands that security is not gatekeeping but enabling.

What’s a Silverfin?

At Silverfin we’re trying to apply the promise of software to the age-old industry of accounting. With our SaaS we’re automating a large chunk of the busy-work that accountants are currently handling manually, and are building new tools so they can provide better services to their customers. We aim to optimize their workflow in such a way that accountants can spend more time on the much more impactful and rewarding work of advising their customers, the business owners.

The good news is we’re succeeding in doing exactly that. Every day more than 15.000 financial service professionals use Silverfin to help and advise more than 200.000 businesses. Our customers adore us! The even better news is there’s still plenty left to work on, and that’s where we hope you come in.

What makes the engineering team at Silverfin special?

We’re a remote-first engineering team of 35 people distributed in 14 different countries. A priority for us is maintaining proper work-life balance. We avoid meetings as much as possible, accept deadlines only when absolutely necessary, and never expect anyone to work longer hours than they’ve signed up for. A day in our working lives is pretty boring, and we feel that’s exactly how it should be.

Working with us means you can be flexible with your schedule. It’s OK to disappear for a few hours in the middle of the day to run some errands, get a haircut, pick up the kids — whatever reason, you don’t need to explain yourself. You also fully decide when you take time off: our team is sufficiently varied and well organized that there are always enough people around to handle the load, and in the rare cases it’s not, we will decrease the load instead of asking people to move their holiday.

Being remote-first means we favor asynchronous communication. We don’t shy away from chatting in Slack, but the important decisions or discussions are done in Gitlab issues, over email, or in our wiki, so there’s a written, persisted record. We’re mindful of maintaining long chunks of focussed time, which means we avoid @-mentions or PMs on Slack, and other triggers and interrupts. We encourage using Slack’s DnD function, especially when you’re not working!

We’d be really happy to welcome you in our ## engineering channel, but it’s not just virtual: we make sure we regularly get to see each other in real life too. Twice a year we fly the whole engineering team together to a different location in Europe, and at least once a year we join up with the rest of the company so we can spend some time together with the other departments.

Responsibilities

  • Establish Policies and Procedures to help the organization keep up with the pace of application development all the while staying secure and compliant.
  • Implement initiatives to create security awareness throughout the whole organisation.
  • Automate core security tasks by embedding security controls early on in the software development lifecycle.
  • Continuous monitoring and remediation of security defects across the application lifecycle including development and maintenance.
  • Be the security advisor for product managers, development and system operations.
  • Help us to set up processes to wade through security questionnaires and certifications. Follow-up on compliance with external auditors, clients, etc. We’re ISO27001 certified and you would play an important role in that going forward.

Requirements

  • Previous experience with an infosec role
  • You're able to work independently
  • You properly document things
  • Strong organizational, prioritization and communication skills
  • You’re a team player
  • Exposure or knowledge of security frameworks like, but not limited to, ISO27001/27005, SOC 2, NIST (800 series, CSF), CIS
  • You have experience with a couple of the following security technologies: Gauntlt, BDD-Security, Brakeman, ZAP, Burp, Dependency-Check, Error-Prone
  • Experience with any of the following is a plus: GitLab-CI, Chef, Ruby, Docker, Kubernetes, Terraform, Penetration testing, Incident Response

Our offer

  • Actual, proper work-life balance
  • A salary range of €80.000 - €128.000 a year
  • Choose your own working hours and work 100% remotely
  • Personal growth training and opportunities
  • Join a distributed remote-first engineering team with 35 colleagues in 14 different countries
  • A refreshing work environment with professional, friendly and welcoming colleagues
  • A €1000 yearly budget for conferences, courses, workshops or other expenses that will improve your skills
  • We offer monthly company-wide Wellbeing Days for all employees (10 days off in 2022)

Be sure to mention the word INSTRUCTIVE when applying to show you read the job post completely. This is a beta feature to avoid spam applicants. Companies can search these words to find applicants that read this and see they're human.

Salary and compensation

$90,000 — $140,000/year

Location

🌏 Worldwide

Silverfin

Société

Silverfin