tl;dr: We are looking for a lead security analyst who has experience driving major assurance initiatives such as SOC2, ISO 27001, NIST, PCI-DSS, GDPR, and/or CCPA.
Who Are We?
Postman is the world’s leading collaboration platform for API development. Our app simplifies each step of the API building process and streamlines collaboration. More than 17 million developers and 500,000 organizations worldwide currently use Postman. We recently raised our Series-D at a $5.6 billion valuation.
The team is responsible for handling all aspects of information security, governance, risk, and compliance. We are looking for a lead to join us who will be responsible for developing, maintaining, and maturing our GRC programs and aligning our frameworks to the company's strategic vision and goals.
The team is focused on working with and managing various regulations and compliance programs such as: SOC2, ISO 27001, NIST, PCI-DSS, GDPR, and CCPA. We operate as an internal consulting resource for Postman, advocating for security and risk management processes.
How We Operate.
Since we are a globally distributed team, we measure outcomes, not hours. We operate from a deep sense of our values, and strive to build the best products for the entire developer community.
What You'll Do.
- Contribute to the development, management, and ongoing improvement of the company InfoSec program, compliance initiatives, risk management, privacy, and overall security assurance.
- Conduct periodic reviews and audits of internal policies, controls and processes, with published reports outlining successes and opportunities for improvement.
- Partner with business and engineering leaders to identify risks and propose mitigation strategies.
- Coordinate and manage compliance audit activities with external auditors and internal control owners to ensure timely and successful completion of audit requirements.
- Collaborate with security teams to ensure our IT environment meets our security requirements.
- Evaluate and contribute to the implementation of technology to streamline and automate manual controls.
- Monitor the vendor due diligence process including coordinating with Security, Legal, and stakeholders to assess vendor security controls.
- 7+ years of hands-on experience in cyber risk, governance, and compliance.
- Ability to identify gaps, create mitigation plans, and work with control owners to implement changes.
- Experience managing or maturing GRC programs, preferably within a high-growth Cloud/SaaS environment.
- Passionate and creative in the use of technology to streamline and automate manual processes.
- Experience with—and enthusiasm for—working with global, distributed teams.
- Open and outgoing personality with the ability to build relationships across departments and cultures.
We offer competitive salaries and benefits, and a flexible schedule working with a fun, collaborative team. Enjoy full medical coverage, unlimited PTO, and a monthly lunch stipend. (Yes, seriously. We want you to eat well wherever you’re at.) Plus, our wellness program will help you stay healthy from your location with fitness-related reimbursements. Our frequent and fascinating virtual team-building events will keep you connected, while our donation-matching program can support the causes you care about. We’re building a long-term company with an inclusive culture where everyone can be the best version of themselves, and we want you to be part of it. Join us, why dontcha?