Senior Information Security Specialist

Job Description

Every day, millions of people from over 190 countries trust us to handle their precious creative ideas.

Since making our name with quick & simple file-sharing, WeTransfer has evolved to help creators organize, share, and get feedback on their work – from inception right up to delivery. We showcase the best brands to more than 80 million users per month, and our editorial platform WePresent has championed unexpected stories of creativity from around the globe and features collaborations from world-famous artists, too.

Sounds like fun, right? Allow us to sweeten the deal: as a certified B Corporation, we do all of this while using business as a force for good, balancing people, the planet, and profit along the way.

In March 2020, WeTransfer was designated as a Certified B Corporation, confirming its ambition to strengthen its values-driven approach to responsible technology and business. As a certified B Corporation™, WeTransfer supports issues such as climate change by maintaining a climate-neutral status and aiming to reduce its carbon footprint by 30% by 2025. The company is also focused on promoting diversity and inclusion and championing employee mental health.

Senior Information Security Specialist

At WeTransfer we are trusted everyday by millions of people with their professional, creative and personal content. We focus on making 'beautifully obvious' products, and our goal is to bring 'beautifully secure' to life as well. Security should not come at the expense of user experience, rather it is an integral part of keeping our users in their flow, creating comfort in the knowledge that their hard work is well protected.

As a Senior Information Security Specialist at WeTransfer you will focus on information security governance risk and compliance and will contribute to our commitment to maintaining the highest standards of information security by continually enhancing our security posture. You will perform a key role in driving forward, expanding and implementing our security program, raising the awareness level across the organization and ensuring that we follow the security best-practices. You will be part of the team that is responsible for helping to build a persistent, positive, and most of all sustainable security culture. We believe in a security culture that is less about jumping down people's throats than it is teaching them how to improve.

What you’ll be doing :

The Senior Information Security Specialist will play a pivotal role in both the strategic and operational aspects of our information security program. You will work on key projects and initiatives throughout the organization and you will collaborate closely with stakeholders across teams. You will have to coordinate with colleagues across the organization to drive an effective implementation of our security program, standards and guidelines by providing fit for purpose security recommendations. You are expected to lead the efforts around maintaining our security certification, managing our risk management program, advising on new investments, recognise areas of improvement and come up with implementation plans. We expect you to have a pragmatic and positive approach while solving complex problems and overcoming challenges.

We aim to balance the stiffness of security standards with the creative way of working that WeTransfer has.

Amongst other things, you will:

• Together with the Director of Security develop, implement, and maintain a comprehensive information security strategy aligned with business objectives and regulatory requirements

• Drive our ISMS maintenance and improvement within the ISO27001 framework

• Own our Governance, Risk and Compliance tooling and operations

• Successfully drive the organization through (re)certification processes, including internal and external audit preparations and remediation efforts

• Identify areas of future investments and guide the organization towards successful completion of the goals

• Work closely with Legal, People & Places and IT-Services

• Work on cultivating a security mentality across the organization

• Ensure that our third party relationships are meeting our security standards

• Develop and maintain comprehensive documentation, including security policies, procedures, and quarterly reports

What we are looking for :

• Solid and proven knowledge of ISO27001 and SOC2 standards and familiarity with PCI-DSS

• Proven experience in working within a product organization in a cloud native environment

• Proven experience in operating GRC tools

• Holding an ISO/IEC 27001 Lead Implementer/Auditor certification

• Hands-on experience in developing, implementing and maintaining Information Security policies

• Being able to define initiatives, with defined timelines and clear business purposes, as well as deliver within the agreed timeframe

• Proven experience with InfoSec audits and a successful track of record in achieving and maintaining certifications

• Ability to lead complex projects and establish collaborative relationships with different teams

• Deep technical knowledge of security concepts covering network security, application security, cloud security, and threat management

• Excellent problem-solving, analytical, and communication skills.

It's a plus if you hold a CISSP, CISM, CISA or comparable certification. Coding or scripting skills are also welcome.