Very Good Security (“VGS”) makes it easy for customers to collect, protect and share sensitive financial data in a way that accelerates revenue, eliminates risk, ensures compliance, and drives profitability. We are on a mission to protect the world’s payment information and are seeking global talent to support our portfolio of payment security solutions including VGS Vault, PCI Compliance as a Service (PCIaaS), Payment Optimization, and Card Issuance Products.
VGS delivers a modern solution to collect, protect, and exchange sensitive data that spans from data privacy to payment acceptance and card issuance, providing businesses with tokenization, PCI compliance, data security, processor optionality, and the ability to operate on that data without compromising their security posture. VGS delivers a modern payments security solution that gives businesses ownership and control over critically valuable customer data, granting them maximum portability, operational flexibility and value extraction to seamlessly drive expansion and quickly build new financial products.
VGS is looking for an experienced hands-on specialist with a governance, risk, compliance and privacy background to join our Compliance team. The candidate will be a key liaison between Compliance and Legal, Security, Product Engineering, Infrastructure, HR, Finance and company business functions. The ideal candidate will be a technically experienced and innovative professional who has the ability to understand technical processes, is able to drive changes through multiple teams as well as external consumer and partner organizations, is able to simplify and decompose data security compliance requirements into clear technical specifications and organizational processes to provide a clear path to Compliance cross-functionally, and can assist in improving evidence collection methodologies.
What you will be doing at VGS
Reporting to the Head of Security & Compliance, this is an opportunity to help scale a cutting-edge program and set an industry standard for GRC and Privacy. This position will include the following responsibilities:
GRC Responsibilities
- Assist in creation and maintenance of Information Security Management System policies
- Perform security risk assessments to identify gaps, come up with recommendations and drive the gaps to completion
- Support a cross-functional governance program to ensure continuous compliance with policies and standards and collect and validate audit evidence. Drive remediation of any identified gaps
- Develop and report on metrics to track security program effectiveness and to report risk
- Organize and write supporting documents for Policies and Standards (procedures and guidelines)
- Keep the necessary documentation reviewed and updated
- Perform vendor security and privacy reviews
- Assist in coordinating external audit activities (scheduling, training interviewees, collecting and presenting evidence, internal reporting and communications)
- Mentor and train junior staff
- Advise product and engineering teams on compliance of new products or features.
- Help develop technical specifications and an overarching product roadmap that enables our customers to achieve best-in-class security and be prepared to face upcoming compliance requirements
- Recommend tooling and vendors to streamline compliance or compliance management.
- Collaborate with Security and Engineering to develop tools and strategies to support efficient evidence collection and control enforcement in a repeatable, scalable fashion
- Create and improve internal and external educational material, customer communications and assist with external community engagement
- Assist in performing/creating annual and onboarding trainings to educate personnel and re-iterate security and compliance requirements
- Train staff on general PCI compliance principles relevant to their role
- Contribute to ongoing improvement in compliance streams in customer facing compliance delivery
- Actively contribute to internal compliance practice
- Advise customers and prospects on compliance frameworks
Privacy Responsibilities
- Assist in growing the Company’s privacy and data governance program.
- Serve as the primary point of contact for employees in relation to privacy escalations, and privacy impact assessments.
- Provide privacy training to employees and serve as a SME to customers and prospects.
- Prepare data protection impact assessments for vendors that will process personal data.
- Maintain the Company’s data inventory by maintaining the records of processing activities (ROPAs).
- Support the performance of recurring security and privacy maintenance tasks and validate the evidence they produce, to help ensure compliance with VGS policies and privacy/data protection laws, regulations and guidelines.
- Support the facilitation of appropriate GDPR compliance procedures and training.
- Support internal departments in addressing and integrating privacy requirements (Privacy by Design).
- Support and make recommendations that facilitate the continuous improvement of training policies and standard operating procedures for the protection of personal data.
- Support and make recommendations that update internal functions on data protection and privacy legal regulatory requirements that may affect them.
- Advise customers and prospects on privacy frameworks
What we are looking for from you (Requirements)
Basic Qualifications
- Bachelor’s Degree (or equivalent) in Computer Science, Information Systems Management, Mathematics, Informatics, Accounting/Auditing, or other related fields.
- Minimum of 3 years of experience in security, compliance, or privacy work in support of a highly technical environment.
- 3+ years of experience performing and/or leading technical assessments in direct support of a major compliance effort (e.g. PCI, GDPR, SOC2, ISO27k1, HIPAA, FISMA, FedRAMP, etc.).
Preferred Qualifications
- Industry Certifications (CISSP, CIPP, CCSP, AWS, PMP etc.)
- Experience as an ISA or QSA strongly preferred
- Experience working successfully in a very fast-paced, results-oriented pre-IPO startup environment. Hands-on.
- Experience in generating automated metrics to measure control effectiveness and consistency and communicating to various stakeholders
- Experience in performing Risk, Privacy, and Data Protection Impact Analyses, Vendor reviews and maintaining records of processing.
- Demonstrated ability to develop and document security and privacy policies and procedures, training and awareness and customer communications.
- Experience performing technical assessments of network, operating systems, application security processes.
- Experience in program or project management.
- Familiarity with or willingness to learn cloud based productivity tools, such as GitHub, Google Docs (GSuite), Jira, Slack, etc.
- Experience with monitoring and automating security controls.
- Familiarity with cloud native technologies, particularly AWS, Kubernetes, and infrastructure-as-code
- Industry-specific compliance/regulatory experience (e.g. fintech, big tech, healthcare/life sciences, telecommunications, etc.) is a plus.
- Basic familiarity with SQL, Python, cloud APIs/CLIs for the purposes of querying or reviewing in-scope systems
What’s unique about VGS
- We’re a quickly scaling company with a startup mindset.
- We love to empower our people to take ownership! You’ll find you are given the freedom and will own the responsibility to be successful here.
- We’re creating a remote-first philosophy. You’ll have a strong impact on a new cultural shift within the company.
What you get from us
- Flexible work hours and flexible PTO
- Competitive health benefits
- VGS stock options
- 401k plan, with employer matching 4% and immediate vesting of employer match (available only for US employees)
- Life & disability insurance
- Pre-tax flexible spending accounts, dependent and healthcare FSA (available only for US employees)
- Global parental leave program
- Employee Assistance Program
- Home Internet reimbursement
- New hire home office set up allowance
- Professional learning reimbursement
The typical base pay range for this role across the U.S. is USD $145,000 - $195,000 per year. The successful candidate’s starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions.
At Very Good Security, we have a remote first philosophy. We are actively hiring for fully remote positions, so you can work from the comfort of your own workspace!
At Very Good Security we value great talent. Striving to provide the best experience for our candidates, VGS appreciates your candidacy. We consider applicants without regard to race, color, national origin, sex, age, religion, sexual orientation, gender identity, veteran status, marital status, physical or mental disability, or other protected classes under all local, state, and federal laws and ordinances (AA/EOE/W/M/Vet/Disabled). Qualified applicants with arrest and conviction records will be considered for the position in accordance with the San Francisco Fair Chance Ordinance.