ezCater is the world’s largest online marketplace for catering – a $60+ billion market just in the U.S. Businesspeople use us to find and order great food for meetings and events; restaurants and caterers use us to grow their catering business. We’re backed by Insight Partners, Iconiq Capital, Wellington, Lightspeed, and GIC, and in early 2019 were valued at $1.25 billion. COVID slammed us, but we responded by finding new customer segments and seizing the rare opportunity COVID offered: when in life does a very successful operation get a do-over? Come help us power Food For Work even better than we did it the first time.
At ezCater, we are building a new type of Governance, Risk, and Compliance (GRC) function: a program that starts with first principles and looks for high leverage points to meaningfully reduce risk. This role is a blend of security compliance, helping us improve our security; privacy, protecting the trust of our customer’s catering partners; and risk management, helping us make more intelligent business decisions. In this role, you will report to the Director of Security and work closely with the security engineering team helping implement safeguards, the legal team ensuring that we are making durable decisions on privacy, and other engineering functions to ensure we are protecting ezCater’s assets appropriately.
We are a rapidly growing company and are looking for talented individuals who are excited about implementing scalable and durable compliance, privacy, and risk management solutions.
What you’ll do:
-Drive the identification, implementation, and improvement of the organizational privacy strategy, framework, and standards
-Assist in managing the development of policies, control framework, and procedures in line with our security standards
-Watch for new regulations and periodically brief management on the state of our privacy & compliance posture, e.g. CPRA
-Develop and implement processes to identify and address evolving privacy & security risks inherent in our operations
-Be the project lead on high profile compliance initiatives such as SOC 2 Type, NIST CSF, etc.
-Provide “privacy by design” counseling to cross-functional teams for new products and initiatives
-Automate and administer a process for receiving, documenting, tracking, investigating, and acting on all DSAR requests, working closely with our legal counsel when necessary
-Develop and maintain risk and compliance dashboards to objectively demonstrate our posture
-Execute risk assessment and continuous compliance monitoring (auditing) of security controls along with automating evidence collection
-Perform assessments of third-party service providers, including cloud services, for adherence to best practices
-Develop customized annual security training that is aligned with security standards and company culture
-Manage and run our internal phishing training campaigns
This is a great opportunity if you have:
-5+ years of experience in privacy regulations with experience applying them to high growth technology companies
-Experience automating DSAR request responses
-5+ years of experience managing security compliance programs and monitoring, with specific emphasis on SOC 2 Type 2, NIST, etc.
-Experience working with industry best practices for cloud security (e.g. CSA Security Trust Assurance and Risk, CIS Benchmarks, NIST Framework)
-Experience automating security control evidence collection and implementing frameworks such as “Compliance as Code”
-5+ years of experience implementing and running risk and security governance functions
-Experience scripting in languages like Python or Go is a plus
What you’ll get from us:
You’ll get a terrifically compelling opportunity, in an environment of radical transparency, open access to all the data, and collaborative colleagues at every level of our organization. You’ll also get sane working hours and great flexibility around work/life balance.
Have people in your life – of any age – who always, often, or sometimes need your help? We make room for that. Have a bad thing or a good thing happen to you? We make room for that, too.
Oh, and you’ll get all this: Market salary, stock options that you’ll help make worth a lot, the usual holidays, all-you-can-eat vacation, 401K with ezCater match, health/dental/FSA, long-term disability insurance, a great office in the heart of Boston or Denver that you can’t use till COVID lightens up, a tremendous amount of responsibility and autonomy, wicked awesome co-workers, cupcakes (and many more goodies) once we get back to our offices, and knowing that you helped get this rocket ship to the moon.
ezCater is an equal opportunity employer. We embrace humans of every background, appearance, race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, and disability status. At the same time, we do not employ jerks, even brilliant ones.
For information on how ezCater collects and uses job applicants' personal information, visit our Job Applicant Privacy Policy.