Job Description

We are connecting the world and empowering people through payments. Our app makes moving money simple, makes an awkward conversation a fun experience and changes our users' lives for the better. We want a place on your phone's home screen and we work every day to ensure we earn that honor.

On the inside, we are teeming with talent. We believe that innovation is fostered in an environment that values intellectual curiosity and the joy of learning. Our team is made up of thinkers, idealists, and high-energy yes-we-can-ers who have found an app and a workplace that we love. Fueled by Kind bars and green tea (and plenty of other healthy snacks), we are looking for people who challenge us, inspire us, and want to problem solve with us. In a phrase: we are looking for people to come and Venmo with us.

Information Security at Venmo

We are seeking an intelligent, motivated, and experienced security manager to join Venmo’s Information Security team. Our ideal candidate is excited with the opportunity to innovate on the cutting edge of secure mobile and cloud services through deep technical security knowledge and a solid work ethic. In this role, you will report directly the head of our Core Architecture organization and be our representative to other business units as a subject matter expert on all things relating to information security at Venmo. This position is a technical managerial position, in which the ideal candidate will be able to function from not only a people, process, and planning perspective but also be a key contributor to security architecture and technology decisions. This role will also hold the responsibility of being the key director of all information security related projects and compliance decisions for Venmo. As the manager of Information Security and Compliance, you will be looked to as a leader in defining, communicating, planning, and executing on all company and business unit goals in the security and compliance space.

A typical day might include working with your team in identifying a potential application vulnerability, building and responding to security alerts, or working with our Product and technical teams to design a new platform feature securely. You will be managing the direction of our growing suite of advanced tools and identifying opportunities for improvements in our mobile and cloud platform as well as the cross-functional team that supports them.

If you are up to the challenge and want to join our front line make moving money simple, please contact us immediately.

Responsibilities

• Drive application and network security activities for all facets of Venmo
• Manage a team of highly skilled security and platform engineers in a devops model
• Evaluate, design, deploy, support, and monitor information security systems
• Identify security exposures and develop mitigation plans
• Build and execute on project roadmaps
• Work with the technical operations team to implement information security solutions
• Plan and run security awareness exercises and teach secure behavior and methods
• Lead and manage security incident response activities and forensic investigations
• Lead the implementation of best-practice security procedures, standards, and guidelines
• Support Venmo in developing and maturing their own application security program
• Lead compliance activates such as external audits from customers, regulatory compliance projects, and overall information security reviews
• Support integration with the PayPal Information Security and be central point of contact
• Engage in cross business unit Security teams as the lead representative for Venmo

Requirements

• Minimum 8 years of on the job information security experience
• Minimum 5 years managing technical teams
• Experience working with and managing application security programs in an agile environment
• Bachelor’s degree in Computer Science/Engineering/Information Security or equivalent work experience
• CISSP, CISM, CISA, Security+ or comparable Information Security Assurance certification
• Experience with financial industry security governance, including PCI DSS, SOC2 and state regulations
• Self-starter, able to work with a mix of technical and non-technical clients
• Strong documentation skills are a must
• Ability to perform technical risk assessments, triage security-testing results and manage security response actions.
• Ability to manage a team of engineers to drive completion of projects and initiatives
• Demonstrable expertise in:
• Linux / Windows / workstation / mobile device security hardening
• Understanding Cloud Security best practices
• External Regulatory compliance efforts, specifically PCI DSS
• Secure Development Lifecycle practices and methods
• Technical monitoring, troubleshooting, impact determination, and problem solving
• Vulnerability and penetration testing
• Experience researching, implementing and administration of security infrastructure
• Application vulnerability and Web Application protection solutions
• Cloud based IaaS/PaaS knowledge and understanding (AWS/Azure/GCP)
• Intrusion protection, firewalls, and SIEM tools
• File integrity monitoring, data loss prevention, and network access control
• Event log aggregation and analysis

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don't hesitate to apply.