NewStore operates a platform for retailers to run their stores on
iPhones. Purpose-built for mobile shoppers, the company provides
Omnichannel-as-a-Service with the only integrated cloud OMS and mobile
POS. Intuitive store associate apps allow retailers to offer seamless
shopping experiences through endless aisle, mobile checkout, store
fulfillment, real-time inventory and clienteling. An API-first
architecture and an expansive ecosystem of partners mean retailers can
deploy fast and flexible omnichannel with ease. NewStore was founded by
Stephan Schambach, who pioneered ecommerce at Demandware (now Salesforce
Commerce Cloud). The company has offices in Berlin, Boston and New
York. Learn more at www.newstore.com.
About the job:
The internal IT Security Manager is responsible for leading the
company's efforts to improve its security profile. This includes working
with technical and non-technical stakeholders in order to deliver a
sound security strategy.
A day at NewStore:
You arrive at the office and take part in the Infrastructure Team standup
to learn about the latest developments in the platform. Afterwards, you
coordinate specific actions with the Security Engineer based on risk
assessments that you helped to create in coordination with different
teams in the company. Later in the day, you plan the following tasks to
keep the company aligned with security and privacy regulations. You
catch up on the latest developments in GDPR that impact SaaS companies
like NewStore. Later in the afternoon you also catch up with internal IT
to make sure security policies are being applied. You take feedback and
incorporate it in the next cycle for reviewing policies.
Suddenly, during the day, a security issue is detected and brought to
you, and you need to scramble the security plans and take emergency
counter-measures using the best of your experience. You log in to the
cloud infrastructure to analyze logs and determine the best course of
action together with the Infrastructure Team. You organize post-mortems and root
cause analysis of such security issues.
Responsibilities:
Take ownership of the GDPR alignment process and other privacy regulations as required.
Work with the infrastructure team and the security engineer to secure the AWS platform by pointing to specific problems.
Support the identification of security threats using appropriate platforms (SIEM, log analysis, etcetera).
Identify, assess and recommend remediation paths for key security issues.
Create external IT Security and Privacy Policies, and update and adapt them as necessary.
Collaborate in the creation of internal IT Security Policies for the company.
Breach management and recovery procedures (data breach management and response, disaster recovery plans).
Oversight of strategic security solutions used within the company.
Organise internal and external security audits on the systems built by NewStore.
Give strategic advice on privacy and security standards.
Contribute to outlining business continuity plans (risk management).
Skills:
Experience with cloud security (especially AWS).
Knowledge of different security frameworks and best practices (OWASP, ISO 27001, COBIT 5, AWS well-architected principles, etcetera).
Experience working with startups in an agile environment.
Knowledge of penetration testing methodology for cloud infrastructure and modern applications.
Knowledge of data protection frameworks and regulations.
Knowledge of cryptographic algorithms and their applicability in different scenarios.
Experience in at least one scripting language and in version control systems (Git).
Knowledge of application and networking security controls.
Good to have:
Security certifications (CISSP, CISA, CISM, AWS Security Specialty, CEH, etcetera).
Experience working with PCI-DSS.
Experience with the EU-US Privacy Shield and GDPR.
Experience in the retail sector and its associated security risks.
University-level degree in IT Security or related field.
Questions? Email us:
jobs@newstore.com