We are united by a single aim and the great joy that comes from knowing that our work benefits local economies, small businesses, and homes. We’re looking for people who prioritize our mission by advocating for professionals and consumers, embracing change, and choosing cooperation every day.
The Senior Information Security Manager will be a member of the Global Information Security team. A security application engineer, a security infrastructure engineer, a technical program manager, a cyber security analyst, and a compliance analyst make up this team. This team is in charge of the organization’s overall security practices and guarantees alignment with Thumbtack’s commercial objectives. Members of this team are responsible for lobbying and educating the organization on security best practices.
About the job:
As a Senior Information Security Manager, you are a data and cybersecurity defender; you can think on your feet and make rapid and effective judgments on any information security issue that may emerge within the firm. have a solid awareness of Philippine cybersecurity rules and can analyze processes, systems, data, and events related to information security. You are capable of making helpful recommendations to the management team and mitigating security threats, thus contributing to the highest level of information security for our workers, professionals, and customers.
Responsibilities of the job:
As a Senior Information Security Manager, you will be Thumbtack PH’s “Analyst-in-Chief” for assessing an information security problem and responding properly. You will be responsible for implementing, executing, and monitoring Information Security processes and procedures in accordance with Thumbtack’s policies and government standards. You will contribute to the alignment of the IS Framework, IS Strategic Plan, and IS Programs with both the Global IS and Thumbtack’s business goals.
- Collaboration with the Global IS Director, TPH and US IT, and SiteOps Managers
- To verify compliance with global security policies, monitor regional network, system, and tool usage.
- Work with IT Systems & Network, IT Endpoint, and Platform Engineering to monitor, identify vulnerabilities, and build and implement security plans.
- Stay updated with changes in IT security requirements and threats.
- Conduct penetration testing to identify weaknesses and develop mitigation strategies.
- Create catastrophe recovery plans by simulating security breaches.
- Improve security by working with management and the IT department.
- Attempt to incorporate security into SaaS/software, systems, networks, and cloud platforms throughout the development stages.
Requirements for the job:
Must Have:
- A Bachelor’s or Master’s degree in IT, CS, computer engineering, or a closely related discipline.
- A minimum of of 8 years of working experience in IT, information security, and IT management.
- IS CompTIA Security certification is highly desired.
- Knowledge of many security technologies and concepts, including but not limited to VA/PT, SIM/SIEM, DLP gateway and endpoints, IPS/IDS, WAF, CASB, Cloud security, IAM, Cyber Incident Response, and Digital Forensics.
Nice to have:
- IS Certifications such as CISM, CISA, and CISSP, among others.
- Programming expertise (Golang, Python, PHP, UNIX shell scripting, etc. )
- Understanding of information technology and information security principles and best practices (e.g., ITIL, ISO 27001)
- Experience and certification in PCI-DSS compliance
Benefits :
- Virtual-first working approach supplemented by quarterly in-person events and Camp Thumbtack
- San Francisco, Salt Lake City, Toronto, and Manila have libraries (collaborative workspaces).
- Stipends for home office setup,internet and remote work support,
- Employee Assistance Program and Subscriptions for well-being and mental health(North America only)
