About the job
You will be leading Productboard’s Security team covering Security Operations, GRC and SecDevOps. Over the past two-three years, we’ve gone from a startup serving small and medium businesses to onboarding large enterprises as customers such as Microsoft or Zendesk. We’ve recently achieved SOC 2 Type II certification and need to continue to mature our environment in terms of security. You will be directly reporting to a Sr. Director of Engineering and functionally to the CTO/CSO.
Our customers store highly confidential data in Productboard. Unfiltered feedback from their customers, roadmaps of their products, their prioritization decisions. We integrate with 3rd party software development tools and manage integration secrets.
On a typical day, you will …
- Define, implement and enhance the long term security and privacy engineering strategy in line with business objectives, industry standards and customer requirements
- Set clear goals for the security team, define a working agreement in the team for their delivery
- Be accountable for the execution of our security and privacy compliance requirements
- Personally lead a Security team of 3 people, coaching and mentoring them, supporting their growth and development
- In addition to security, supervise the Internal IT team (we are also searching for an IT Manager handling the day to day that would be your main support and report to you)
- Communicate with new and existing high profile customers addressing concerns or questions about the security of their data in Productboard
- Be a strong voice representing security all the way to the executive management
- Talk to key stakeholders from all across the organisation and understand their motivations and needs. Build and develop a community of security ambassadors across all departments and establish an information security culture in the company.
- Manage the development and implementation of global security policies, standards, guidelines and procedures to ensure ongoing maintenance of security and privacy.
- Oversee incident response planning as well as the prevention and investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary
- Actively monitor high-level application and infrastructure development and identify key risks and opportunities to improve the protection of our customer’s data
- Maintain a healthy, collaborative culture in line with the company values as we navigate through fast growth
We’re looking for someone with the following skills and qualities:
- Excellent spoken and written English. The team consists of 28+ nationalities and our customers are located across the whole world
- Hands-on knowledge of ISO 27001 and/or SOC 2 certifications and security audits
- Experience with gradually introducing processes just-in-time and finding ways to how to implement them in a lean and unobtrusive way into the organization
- Seasoned at building processes from the ground up rather than just maintaining an already stabilised mature environment
- Past experience being a people leader. Genuinely caring about your team is a requirement
- Knowledgeable in secure SDLC, understands DevSecOps principles and aims to shift the security left.
- Familiar with security technologies and solutions in a SaaS environment. We heavily leverage online services, we have a very limited on-premise presence
- Pragmatic startup mindset, at least high-level understanding of Agile and DevOps. Many compliance requirements can be automated away in our eyes and a shared responsibility model between security and development should be leveraged
You can look forward to the following benefits:
💰 Stock options
💻 MacBook Pro + 34″ monitor
📚 Budget for online courses, books, and conferences
🏝 5 weeks of vacation and sick days
❤️ 1 Volunteer Day per year for you to help causes close to your heart
🍲 Free snacks, drinks, and yummy catered lunches every day (or lunch delivered to your home)
💚 Shared Headspace account for mindfulness & mental health
🏋 MultiSport card to access sports facilities in Prague
🍹 Team events, such as happy hours, off-sites, and retreats
⏱ Flexible working hours and home office
🧒🏻 Parental benefits
🎓 Language lessons
🌉 Opportunity to travel to San Francisco
✈️ Relocation Package for foreign (non-Czech/Slovak) candidates relocating to Prague
Productboard is the product management system of choice for everyone from Avast and Microsoft to rising stars like Metromile and Envoy. In early 2020, we closed our $45M Series-B round, backed by VC giants Sequoia, Kleiner Perkins, Bessemer Venture Partners, and Index Ventures. Headquartered in San Francisco, we are a truly international company, with offices in Vancouver and Prague.
- We are backed by top Silicon Valley investors, giving us access to capital, networks, mentors, and markets
- You’ll enjoy an exciting team atmosphere building a new and complex product
- We iterate quickly and decisions are fast. You’ll have a voice in what we do and see the impact of your work
- With modern offices in San Francisco, Vancouver, and Prague, you can expect occasional travel across the Atlantic!
About our culture
At Productboard, values aren’t just something we like to talk about, they’re something we live and breathe. We believe in creating a work environment where:
- People feel empowered, supported, and included
- Trust and transparency are built into the way we work
- Creativity, curiosity, and continuous improvement are encouraged and nurtured every day
You can get to know your future colleagues by listening to our People of Productboard podcast, or check out our Instagram profile and People of Productboard FB page for more info about life at Productboard.
Equal Opportunity Employer Statement
We are an equal opportunity employer and champion of equity. It is our aim to help people from all backgrounds, cultures, and groups realize their full potential at Productboard.
As such, we do not tolerate any discrimination or harassment based upon gender identity, race, color, religion, age, sexual orientation, non-disqualifying physical or mental disability, national origin, veteran status, or any other basis covered by appropriate law.
All aspects of employment including hiring, training, promotion, and terminations are based on merit, competence, performance, and business needs. We are committed to an inclusive hiring process and provide all candidates with equal opportunity to demonstrate their abilities.
Togetherness is one of our core values and our Diversity Council helps us ensure that we uphold the values of authenticity, humanity, and diversity to create an environment where every human being matters. We are committed to leading by example to drive societal change.