Senior Manager, Security Engineering

We’re looking for an experienced information security professional who will be responsible for enhancing SevenRooms’ overall security posture. This individual will establish observability across the organization, mature and manage our incident response, foster a leading security awareness program, and maintain the trust of our customers and prospects. This role will start as an individual contributor with the opportunity to build out a team in the near future.

Leadership

• A strong influence on the organization’s cybersecurity strategy to protect our information assets and safeguard our organization from internal and external threats
• Partner with business stakeholders to be the subject matter expert on technical security concepts, latest security risks, and mitigation strategies
• Own and lead the education of our organization on security awareness and upskill individuals to execute our security objectives
• Build and mentor a team responsible for ensuring adequate security processes and solutions to mitigate or remediate identified risks sufficiently to meet business objectives, contractual and regulatory requirements
• Utilize a measured approach to security, prioritizing our commitments to confidentiality, integrity, and availability based on risk.  
• Discover our information assets, develop a  register and drive the process to establish visibility and telemetry, and develop indicators of compromise/attack.
• Develop and maintain forward-thinking information security policies that are practical yet effective
• Responsible for the implementation of OKRs, and KRIs to track the implementation of the Information Security policy framework and processes that will protect SevenRooms assets
• You will build out the following functional areas:
• Cloud Security
• Platform security
• Corporate security

Platform Security

• Own and lead the assessment, architecture, design, and implementation of secure by default practices and solutions needed to build and operate security in a cloud-first SaaS product
• Take ownership of our SAST tool and liaise with engineering managers to enhance our application security
• Own our security tooling and solutions including security architecture, establishing a SIEM, and security engineering
• Own and lead the implementation of the vulnerability disclosure and bug bounty program 
• Influence and product security roadmap and features

Corporate & Cloud Security

• Partner with IT and our platform squad to ensure that endpoints and mobile devices are appropriately protected from malicious activity and system vulnerabilities
• Own and manage our inbound security questionnaire process, bringing innovative methods to reduce Security friction in the business and increase velocity
• Design and develop an effective vulnerability management program using our GRC tool and work with various stakeholders to articulate risk and prioritize workload for remediation
• Own and enhance our incident response plans and processes  

You’re passionate about information security and remain up to date on the latest security threats, trends and methods. You take a practical yet effective approach toward security concepts that align with our organization’s risk exposure. You’re an enthusiastic individual who tackles all challenges head first and has a willingness to go above and beyond to deliver positive results. You enjoy learning new things, working as a team, and gaining satisfaction and accomplishment from solving complex problems together. You want to make a real difference.

• Thrive in working with high growth, fast-paced environment of 250 - 500 employees
• Experience managing teams of 2 or more direct reports, mentoring and growing a mature and results-driven security team from the ground up
• Practical working experience building and managing effective teams for AppSec, DevSecOps, Corporate Security, and Infrastructure Security 
• Practical experience in securing and configuring GCP (i.e., App Engine, Cloud Datastore, Bigquery, ) and AWS environments  
• Organized and detail-oriented, with strong analytical, problem-solving, and project management skills 
• Critical thinker who can design practical security solutions that add value to the business and achieve our security and compliance commitments
• Effective communicator who can distill complex security concepts into basic terms based on the audience 
• Hands-on experience with compliance requirements and security frameworks that impact IT (SOC2, PCI, ISO2700x, MITRE ATT&CK, NIST-CSF, CIS for GCP) preferred
• CISSP, CCSP, CISM, GIAC, OSCP, CEH or other relevant security-related designation certifications preferred
• Bachelor's degree in Computer Science, Engineering, or Information Technology or equivalent related work experience required

• A fresh start with a flexible and independent working schedule: SevenRooms provides all employees with their first two (2) weeks of employment as paid time off to relax and recharge before starting their journey with us. You’ll also have access to unlimited paid time off, including tenure-based PTO minimums, paid parental leave, and the option to work anywhere at any time.

• Fair and equitable compensation: Our compensation packages are competitive based on external market data. At SevenRooms, you can expect fair pay for your hard work and dedication to helping us transform the hospitality industry. In addition, we also offer equity in our growing organization.

• Comprehensive benefits package: We offer a full slate of benefits for our employees and their families: comprehensive medical, dental, and vision benefits, commuter benefits, gym reimbursement, 401K plan, and unique wellness offerings that include One Medical, Spring Health, Carrot, and Headspace.  

• Employee programs and recognition: Through our Roomie’s Choice program, all employees at SevenRooms receive a monthly stipend to spend however they see fit. You’ll receive an additional monthly dining credit to use towards SevenRooms clients and a unique milestone reward for every year you’re a part of our team.

• Opportunities for training and professional development: Your manager will partner with you on establishing quarterly objectives that not only benefit the company but aid in your overall career development and advancement. SevenRooms also provides financial support for continuing education, certifications, or participation in external training programs.

SevenRooms is trusted by thousands of hospitality operators around the globe, from local independent restaurants to multi-concept hospitality groups like MGM Resorts International, Wolfgang Puck, Mandarin Oriental Hotel Group, Bloomin' Brands and more. Together with our clients, we power tens of millions of guest experiences across the globe every month.  

Founded in 2011, SevenRooms is venture-backed by Amazon, Comcast Ventures and Providence Strategic Growth. We were included on Inc.‘s annual Best Workplaces & Forbes’ Best Startup Employers lists in 2020.

SevenRooms is an equal opportunity workplace and an affirmative action employer. We welcome all qualified applicants regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender identity, or veteran status. We understand the importance of creating a more diverse and inclusive workplace and celebrate our employees for their differences.

View our Prospective Employee Privacy Notice by visiting https://bit.ly/3iUUpYK

#LI-Remote