Security & Data Privacy lead
We’re on a mission to beat financial crime. And we’re looking for a security and data protection specialist to ensure we remain ahead of the criminals. That’s where you come in. You’ll be the key person to make sure Salv’s information security systems continue to be cutting edge. To help us win and retain big customers, secure in the knowledge that our clients and their customers’ personal data are safeguarded by best practice solutions.
- review the existing regulatory environment (both in Europe and globally) and incorporate any new requirements into company-wide policies in a balanced manner
- evaluate our existing information security framework and identify areas of non- or partial compliance
- address any gaps in key security areas and gather evidence for external auditors of full compliance
- be the primary point of contact within Salv for our clients’ CISOs, other members of staff, regulators, and any relevant public bodies on issues related to information security
- ensure the company’s policies are aligned with General Data Protection Regulation (GDPR) and codes of practice
- evaluate the existing data protection framework and identify areas of non- or partial compliance
- devise training plans and provide data protection advice and support for Salv members of staff
- inform and advise Salv’s role as a Data Controller or a Data Processor on all matters related to data protection
- be the primary point of contact within Salv for our clients’ DPOs, other members of staff, regulators, and any relevant public bodies on issues related to data protection
Product & culture:
- help raise our employees’ security awareness and drive our information security and data protection culture (including implementing essential elements of the GDPR, such as the principles of data processing, data subjects’ rights, data protection by design and by default, records of processing activities, and notification and communication of data breaches)
- together with the product engineering team, find new ways to keep our customers and Salv safe and our product and services compliant in all relevant regions around the world
- manage and respond to queries from customers, business partners and regulators/authorities about data protection and information security
- assist with filling in customer due diligence questionnaires during customer onboarding
- drive the work to get SOC 2 certification
- develop, future-proof and maintain how we operate and govern information security and effectively manage cyber risks
- work across the entire security governance, risk and compliance (GRC) domain, from designing policies and procedures through to implementing risk mitigation and controls management
- assess external forces, such as the threat and regulatory landscape, as well as the business and internal IT environment to find the best way to design our security policy and control framework
- keep track of and manage risks through continual improvement
- give advice and recommendations to Salv regarding compliance with GDPR
- advise Salv regarding whether or not to carry out a data protection impact assessment (what methodology to follow when carrying out a DPIA, what safeguards to apply to mitigate any risks to the rights and interests of data subjects, whether or not the DPIA has been correctly carried out, and whether its conclusions are in compliance with GDPR)
- document all decisions taken, consistent with and/or contrary to your advice
- offer consultation in the event that a data breach has taken place
- ensure that all data controllers, processors and data subjects with whom we have a business relationship are informed of their rights, obligations, and responsibilities in the light of GDPR and any other applicable data protection legislation
- enhance and maintain the registry of data processing activities in accordance with GDPR
- manage and develop Salv’s privacy program in accordance with its vision and mission
Skills & experience
- a genuine passion for information security and data protection
- the ability to keep client problem solving as the priority driver for our fast-growing product company
- relevant certification such as CIPP/E, CIPT, CIPM, CISA, ISO27001 lead implementer or similar
- previous experience with implementing ISO27001, SOC 2 or similar standard
- knowledge of and experience with risk management
- experience with drawing IT architecture and network diagrams
- experience with designing, implementing and incorporating efficient procedures around privacy and security matters
- at least basic knowledge of secure development and security principles in engineering
- a track record as a self-starter and project manager
- experience embedding data protection standards into technology products
- previous experience communicating with regulators and authorities
- minimum of three years’ experience working in data protection compliance or a related field
- expertise in European data protection laws and practices including an in-depth understanding of the GDPR
- experience within a legal, audit and/or risk function department
- strong project management and communication skills
- excellent attention to detail
- ability to work well under pressure and manage sensitive and confidential information
- excellent verbal and written communication skills
- great interpersonal skills and ability to work well both independently and as part of a team
What do we offer?
Beat financial crime.
You’ll be a part of — hopefully — making the world a better place for everyone.
Besides a competitive salary, every member of our team will get options. Of course, there are never any guarantees that we’ll succeed. But if we do — and that’s how we’re betting — they could be worth a lot.
Freedom, interesting challenges & learning opportunities
As in every small growing company, there are many hats that need wearing in the beginning, but as we grow, you'll have opportunities to focus on your favorite career tracks, including leadership. You’ll have freedom, but you’ll also have the responsibility that comes with it. You will make – and own – a lot of decisions. You need to figure out the best solutions for our customers. Get ready for a lot of challenges that need tackling.
Our team is full of mission-driven, kind-hearted people who love learning and big challenges. Some who have proven they can make awesome things happen in organizations like TransferWise, Skype, Pipedrive, and more.
Although almost all of our team is currently located in Tallinn or Tartu, we often work from other places. Which is part of why you can choose when and where you work, as long as you have an impact on customers and are aligned with the team.
At Salv, you won’t find corporate BS. You won’t find bosses who dictate what to do. And we hope you won’t find boring roles with inflated titles. Salv is just a place where you can make the right things happen.
Want to be part of our team?
If you’re ready to jump into our mission, take on a ton of responsibility, figure out what’s really important, and then build something from MVP to production-ready, then let us know by writing to our Head of People & Operations, Kairi Pauskar at [email protected]
Looking for something else?
We’re constantly looking for enthusiastic and mission-driven people to join our ranks. If you think this position isn't 100% for you, take a look at what else we’ve got to offer.