Engineering at Postmates
We’re building groundbreaking tech solutions that power our revolutionary logistics platform to help connect millions of customers with their favorite merchants every day. We’re tackling some of the most complex technical challenges in the modern logistics space to unlock opportunities that positively impact the local businesses and communities we serve.WHAT WE DO
Postmates relies heavily on our engineering team to realize this vision. Building a software platform that is reliable, scales, and stays agile under demanding product needs is a serious technical challenge. Postmates is a three-part balancing act connecting customers, merchants, and couriers in real-time. If any piece is out of whack, the whole system suffers. Working with the Postmates engineering team offers an opportunity with explosive growth, cutting-edge technology, a highly visible charter, and a cool user-focused product vision.THIS ROLE
Postmates is looking for an Information Security Technical Program Manager focused on development planning, prioritization and measurement of Postmates Information Security Program and key performance indicators.
In this role, you will be responsible for working with various technical teams throughout the organization to enhance the existing program by implementing program plans, identifying key areas of risk exposure, developing plans to mitigate risks, documenting security enhancements for products and services and maintaining policies and procedures to support Postmates Information Security Management System.
- Manages the Information Security Program Plan, Roadmap and Prioritization.
- Functions as Scrum leader for the Information Security team.
- Identifies key areas of program improvement and risks.
- Prioritizes Security related Projects/Initiatives, Ensures project plans are documented, stakeholders are defined, budget and resources are allocated, objectives, milestones, success criteria and definition of done are identified and communicated.
- Evaluates/Prioritizes requests for allocation of Information Security staffing resources to other projects owned by external business units.
- Prioritizes and tracks Security Program KPI Metrics for the following:
- Security Awareness training completion
- Vulnerability & Risk Mitigation metrics for Platform & Corporate Infrastructure
- Security Assessments - New Product/Feature development
- Security Assessments - Third Party Vendor Risk Assessments
- Security Project Status
- Interacts with Postmates technology, and business stakeholders to understand risks critical to infrastructure, define potential business impact and establish corrective action plans.
- Prepares weekly reports for senior leadership on Information Security KPIs.
OUR PREFERRED QUALIFICATIONS
- Knowledge in NIST, PCI DSS, SOC 2 type security standards.
- Knowledge in Information Security industry best practices with hands-on experience developing and managing an Information Security Management System.
- Experience functioning as an Information Security Technical Program Manager, Information Security Technical Project Manager, Information Security Engineer or Information Security Analyst for at least 5 years.
- Deep technical knowledge of security concepts such as vulnerability risk assessments, privacy assessments, intrusion detection, incident response, security monitoring, security policy creation, enterprise security strategies, architectures and governance.
- Experience using Atlassian Jira for team workload assignment and prioritization through Scrum or Kanban project management.
- Experience configuring, managing and providing support for GRC, ERM and SIEM tooling.
- Experience with developing compliance and security analytics/insights through BI/analytics tooling.
- Familiar with standard SQL or python scripting languages.
- Ability to work effectively while prioritizing and juggling competing priorities in a fast-paced work environment.