ABOUT GRAVITEE
In 2015, four developers met while working on API strategy and implementation. The API world and API platforms were unnecessarily complex and no powerful open source solutions existed. Together, they decided to build a complete API platform providing business owners effortless control over their entire API ecosystem. Gravitee.io is the leading open-source API platform, enabling worldwide developers and business users to build, manage and monitor their APIs. As a team, we are driven by the purpose of giving customers effortless control over their growing API ecosystem and a strong belief in the ethos of open source. By understanding customers' connectivity challenges and anticipating their needs, we provide the most intuitive platform. We are growing rapidly and we are looking for exceptional people who are excited to join us on this career-defining journey.
THE ROLE & WHY IT EXISTS
Gravitee.io is taking APIs to the next level - we are the premier, open-source API platform and we want everyone to know how amazing our software is. To make this happen, we are seeking someone who will be our SME in the making and that will support our teams and clients in matters related to information security and data privacy.
This is where you come in.
We are currently recruiting for a Director of Information Security to join our growing business. In this newly created role, you will support and become a SME in Information Security, Compliance and Data Privacy while reporting to the Chief Technology Officer. You'll be handling our information security information management system (ISPIMS- ISO 27001/27701) making sure that everyone and everything is compliant with our policies and SOP's. This will also include our privacy information management and learning how to use and maintain compliance with some of the best standards out there.
WHAT YOU WILL BE DOINGYour daily to-do list will feature some or all of the following, but is not limited to:
- The primary responsibility of the Director of Information Security is to be part of the ISO 27001/27701 assurance and continuous improvement process and support the Head of Information Security in any related tasks.
- In addition, the Director of Information Security is expected to learn and develop skills to become an SME in all security and data privacy-related points of the Gravitee orb of products and services to better support our team and clients.
- Take ownership of the allocated processes and procedures in our ISO 27001/27701.
- Review processes and procedures to make sure that they are continuously improved and fit for purpose.
- Be the first point of escalation within the InfoSec and Data Privacy team.
- Respond to incidents and support on the triage, resolution and forensics.
- Review access and controls in place on a regular and scheduled basis.
- Be willing to learn and adapt to new situations and evolve your knowledge.
- Provide the Gravitee Global Information Security Awareness Training sessions and other training sessions as needed.
The right candidate will possess at least the following skills:
- Good knowledge of GDPR or any other Data Privacy regulations and laws.
- Must have a working knowledge of:
- ISO 27001
- ISO 27701
- ISO 9001
- Must have a working knowledge of SOC II, Type 2.
- Understanding of API and Cloud/SaaS systems.
- A customer-first attitude, internal or external customers.
- Thirst for knowledge and learning.
- Attention to detail.
- An independent team player.
- Advanced understanding of compliance, information security, data privacy or legal aspects of these.
- Ability to adapt to a fast-paced environment.
Additionally, these skills are not required, but preferable:
- Exposure to NIST CSFCI, PCI-DSS or HIPAA is a big plus.
- OWASP ASVS, TOP 10 knowledge is great to have.
- You have completed a bachelor's or MSc in CyberSecurity, Information Security, or legal or have up to two years of experience in compliance, risk, cyber security, software development or computer science.
- A bringer of energy - someone who is enthusiastic, friendly, and who will add to Gravitee's vibrant company culture.
- Someone with a sense of urgency and follow-through.
- A person who excels working in a fast-paced, agile scale-up environment.
- Naturally customer-focused with a customer-first mentality.
- Respectful, courteous, harmonious, polite, and conscientious.
- Excellent medical coverage to keep your body and mind healthy.
- Pension and 401k program options for all locations.
- Stock option plan for employees.
- 25 days holiday/vacation in addition to in-country national holidays.
- 3 mental health days per year with an allowance toward a mood-boosting activity of your choice.
- Birthday off to celebrate your day.
- Learn and grow with our professional development allowance to be used to benefit your career.
- Quarterly outings and an annual off-site in an exciting location!
- Hybrid culture with options to go into an office in one of our hubs.
- Ability to work for one of the fastest-growing companies and alongside some of the most talented people in the API technology sector.
- A meaningful, progressive, global company culture that is as fun as it is hardworking.
- Endless growth opportunities.
At Gravitee, we believe strongly in living our core values as a team and as a company. We don't just write them- we live them. Our company is based on employees who work and operate with the principles of:
- Passion: Work because you love it. Use your sense of passion to become an expert in your field, to think about where our market is going, how to improve and how to do things better.
- Do What It Takes: Work with speed, fight and intensity to ensure the job is done to your highest standard.
- Professionalism: Respond to needs quickly, in a polite and respectful way, to our internal and external customers.
At Gravitee, no employee or applicant will be treated less favourably on the grounds of their sex, marital status, race, colour, nationality or ethnic or national origin, disability, gender, sexual orientation, gender identity, age, pregnancy or maternity, marital or civil partner status, or religion or belief.