Viator is seeking an experienced Director of Security with a blend of software engineering and security engineering skills to lead our Security and Compliance Engineering team, reporting to the head of our engineering platform. Viator is a remote-first company. This role can be either remote from anywhere in the UK, Portugal or Poland, or a hybrid setup based out of our Oxford, London or Lisbon offices.
Viator’s mission is to bring more wonder into the world. To bring extraordinary, unexpected, and forever-memorable experiences to more people, more often, wherever they’re traveling, wherever they are. In doing so, Viator elevates thousands of businesses, large and small, along the way. With Viator, they’ve experienced the best of the world’s oldest cities, and rediscovered their hometowns through new eyes. They’ve faced their fears ziplining across the jungles of Costa Rica, hot air ballooning above Turkey’s Cappadocia, and trekking through the glaciers of New Zealand.Over wine-tasting and walking tours, they’ve reunited with family and friends after COVID-enforced separations.
We’re the largest marketplace of our kind: a single place where travelers can book more than 300,000 tours, experiences, and activities. We’re used by millions of travelers to find everything from walking tours and wineries, to cooking classes and catamarans, to sailing and spelunking, to bus tours and breweries. Our hundreds of thousands of experiences are in nearly every country around the world. And our team is international, too. We have people in Singapore, Sydney, Oxford, London, Lisbon, Reykjavik, Boston, San Francisco, Krakow and more.
You will be responsible for developing and implementing security strategies across the Security Engineering and Security Operations teams, as well as liaising with other teams delivering parts of our overall security posture. The ideal candidate will have a proven track record of building and/or implementing and improving the maturity of security programs in Cloud-based E-Commerce Marketplaces and possess excellent leadership and communication skills. You must have significant engineering acumen as this is a highly technology-driven role.
What You Will Do
- Assess security risks and identify initiatives to address the biggest security risks we face and take them through to delivery.
- Own and improve the Security Incident response process.
- Own and improve Viator’s ability to detect and respond.
- Own the Risk and Compliance programs.
- Consult with product engineering or other engineering platform teams to integrate security and compliance best practices into their engineering designs.
- Implement tools for automating security processes (e.g. secrets management)
- Design and lead our security champions program.
What We’re Looking For
- While the core focus of the role is on leadership, strategy, and executive communications, you should have enough technical skills/understanding of our stack to manage and challenge a highly technical team and help them arrive at strong decisions.
- Prior experience in managing a security team within a software product development company, including performance management of your direct reports and teams.
- You approach security with a DevOps mindset. You prefer security by enablement, automation, and guardrails over gates and roadblocks.
- You have familiarity with securing and operating on public Cloud (AWS, GCP, Azure) providers.
- The ability to guide and mentor other members within the team and improve the way we collaborate, learn, and share ideas.
- Demonstrated excellence participating on cross functional teams in fast-paced environments, both in terms of technical leadership and hands-on coding.
- You possess domain knowledge of common information security, business continuity and privacy management frameworks, regulatory requirements and applicable standards such as ISO 27001, SOC 2, HIPAA, GDPR, PCI, FedRamp, SOX, etc. You have experience
- maintaining these standards while maintaining operational efficiency.
- You are an excellent written and verbal communicator. You can articulate complex cybersecurity concepts to both technical and non-technical audiences. You are adept as translating security problems to business impact.
- The ability to guide and mentor other members within the team and improve the way. we collaborate, learn, and share ideas.
Nice to haves
- Leading security initiatives impacting an engineering platform.
- Experience securing large scale distributed systems.
- Demonstrated experience developing AWS or other cloud native applications.
- Experience with CI/CD, Gitlab and Terraform
- Familiarity with the PCI DSS
- Experience in managing multiple engineering/security teams.