Technical Lead, Security Assurance


Postman is the world’s leading API collaboration platform with built-in features to simplify each step of API development and streamline collaboration to help our users create better APIs—faster. More than 15 million developers and 500,000 organizations worldwide use Postman’s comprehensive set of built-in tools to support every stage of the API life cycle. With Postman you can design, mock, debug, test, document, monitor, and publish your APIs all in one place and join the future of API-first software.

We're looking for a professional with experience in information security, governance, risk, and compliance. The Technical Lead, Security Assurance will report directly to the Security Assurance Manager and will be responsible for developing, maintaining, and maturing GRC programs and frameworks aligning to the company’s strategic vision and goals.

The right candidate will have knowledge and experience working with and managing various regulations and compliance programs such as SOC2, ISO 27001, NIST, PCI-DSS, HIPAA, GDPR, and CCPA. The candidate will be comfortable working in a startup environment, have experience leading major assurance activities to completion, have excellent writing and communication skills, understand the technical nuances behind compliance requirements, and be able to collaborate with our business partners and control owners. You will operate as an internal consulting resource for Postman, advocating for security and risk management processes.

What You’ll Do:

  • Contribute to the development, management, and ongoing improvement of the company InfoSec program, compliance initiatives, risk management, privacy, and overall security assurance

  • Conduct periodic reviews and audits of internal policies, controls and processes, with published reports outlining successes and opportunities for improvement

  • Partner with business and engineering leaders to identify risks and propose mitigation strategies

  • Coordinate and manage compliance audit activities with external auditors and internal control owners to ensure timely and successful completion of audit requirements

  • Collaborate with security teams to ensure our IT environment meets our security requirements

  • Evaluate and contribute to the implementation of technology to streamline and automate manual controls 

  • Monitor the vendor due diligence process including coordinating with Security, Legal, and stakeholders to assess vendor security controls

About You: 

  • 5+ years of hands-on experience in cyber risk, governance, and compliance

  • Ability to identify gaps, create mitigation plans, and work with control owners to implement changes

  • Experience managing or maturing GRC programs, preferably within a high-growth Cloud/SaaS environment

  • Passionate and creative in the use of technology to streamline and automate manual processes 

  • Experience with—and enthusiasm for—working with global, distributed teams

  • Alignment with Postman’s values (you can find them listed on our careers page)

  • Open and outgoing personality with the ability to build relationships across departments and cultures

What Else? (Remote Benefits)

We offer competitive salary and benefits, and a flexible schedule working with a fun, collaborative team. Enjoy full medical coverage, unlimited PTO, and a monthly lunch stipend. (Yes, seriously. We want you to eat well wherever you’re at.) Plus, our wellness program will help you stay healthy from your location with fitness-related reimbursements. Our frequent and fascinating virtual team-building events will keep you connected, while our donation-matching program can support the causes you care about. We’re building a long-term company with an inclusive culture where everyone can be the best version of themselves, and we want you to be part of it. Join us, why dontcha?


