Location: remote

Customers all over the world trust Minted with their memories, and maintaining the security of our users' information is a top priority. The director of information security at Minted will leverage their technical, organizational and communication skills to continuously improve Minted's security posture and maturity level. This is a hands-on role where you will get to have a broad scope and a broad and meaningful positive impact on Minted's customers and artist community. You will collaborate with employees both inside and outside of the technology team to implement and monitor the status of security controls and work cross-functionally with departments as necessary to continuously improve Minted's maturity level against those controls.
Manage the identification, development and implementation of global security policy, standards, guidelines and procedures and automation to ensure ongoing compliance. Prioritize security initiatives. Advocate security and secure practices, both in the engineering team and company-wide. Develop emergency procedures and incident responses. Actively monitor for, investigate and analyze security incidents. Recruit and manage a small technical team dedicated to application and infrastructure security. Oversee evaluation of vendors for security practices and standards. Oversee safeguarding of intellectual property and computer systems. Develop network access and monitoring policies. Partner with software engineers to identify and fix security flaws and vulnerabilities, including doing code reviews and audits, design reviews, upgrading software libraries, and updating application code without causing regressions. Research and identify new attack vectors. Do other work that will improve the information security posture of Minted.
Organized and highly detail-oriented. Passionate about information security. Experienced with security issues native to Linux (and ideally Windows) operating systems. Fluent with information security issues specific to web development, like the OWASP Top 10. Experienced with network security, especially in a cloud environment like AWS or GCP and/or with containerized runtimes like Kubernetes. Experienced with industry standard security frameworks such as SOC2, CIS, ISO 127001 and NIST.