We are a team of seven security engineers and specialists focused on system, application and network security and compliance at Kiwi.com. Our department was formed a year ago as we realized the need for complex security systems solutions.
We always react to security incidents and learn from them. But our approach is also proactive. We identify vulnerabilities and security threats, design solutions, find tools or products and suppliers, present our solutions across teams and implement them. We know where we want to get, we know how, but we need you, a skilled professional, to join us and take it further.
What can you manage?
The Risk and Compliance Manager’s mission is to avoid breaches of legal, statutory, regulatory or contractual obligations related to Information Security and of any security requirements at Kiwi.com. You will act as an Information Security Expert in the matter of ISO 27001/2, PCI DSS frameworks, and internal Security Awareness Program development.
- Manage PCI DSS (Payment Card Industry Data Security Standard) Service Provider L1 Certification – building and administering the compliance program, cooperating with vendors and auditors.
- Develop ISMS (Information Security Management System) based on ISO 27001/2 standard – writing guidelines, designing processes, risk analysis, regular updates, BIA (Business Impact Analysis), BCM (Business Continuity Management), DRP (Disaster Recovery Plan).
- Introduce Security Awareness Program to all employees – leading webinars, tests, workshops.
- Actively participate in internal and external workshops, meetups, conferences or other relevant events.
- Execute and manage internal and external information security audits, incl. close cooperation with the external auditor.
- Vendor Security Assessments – cooperating with the Legal department and vendors, managing the whole process and evidence in a tool.
- Security Incident Response processes – designing new plans and activities and evaluating current ones.
- Communication across all departments to assure their compliance with internal information security rules and processes.
- Close cooperation with other members of Information Security and Legal teams – working on projects within Risk and Compliance expertise.
Use your skills and advance them
- Readiness to prepare content for internal Information Security Awareness program.
- Experience with public speaking at meetups, conferences.
- 2+ years of work experience within Risk and Compliance field; 5+ years experience within Information Security.
- Strong understanding of ISO 27001/2 and other ISO guidelines related to managing ISMS in enterprises.
- Knowledge of GDPR, ZoKB, and related law – ability to discuss legal requirements with internal Legal department.
- Ability to write internal information security guidelines, processes and other documentation in English.
- Fluent English (both oral and written) – C1 level is expected.
- Knowledge of PCI DSS and ITIL v3 is a plus.
Why does it rock to work at Kiwi.com?
We believe we’re a fun bunch to work with, and you’ll get to see how IT Security is done in a fresh and global company, talk with people from around the world, and never get bored. You’ll work in one of the most promising tech companies (awarded Forbes Startup of 2017, Super-brand Award 2017, Deloitte Technology Fast 50 – the fastest growing technology company in Central Europe).
- Do, fail, learn – repeat! We understand that mistakes happen and we learn fast.
- We decide which cutting-edge technologies are appropriate for the task.
- We visit and speak at conferences and technological events worldwide.
- We support the local technological community.
- We use our work time wisely with a friendly vacation policy and work schedule.
- We also like to party and hang out together.
- We work, play, relax, work out and even nap in our offices (complete with sauna, gym, masseur, sleeping spots, canteen, chillout zones, free refreshments, etc.).
- Dogs, kids, and parties are welcome in our offices.
- We also enjoy common benefits, such as meal vouchers, flexible benefits scheme, sick days, VIP Medical Care, flight vouchers, multisport card, etc.
- Besides a fair salary, we can also look forward to quarterly bonuses dependent on our performance.
- We’re a great team of young, passionate and fun-loving people from across the globe who you’ll love working with. We look forward to you joining our team-buildings and parties!
Your manager to be