You will be part of the Security team that is responsible for protecting Zivver from various threats. It is our core job to protect the confidentiality, integrity and availability of data. It is your job to make sure all the operational security and privacy tasks run smoothly and to identify and implement improvements. You will monitor Zivver’s compliance to security standards and privacy legislation. Additionally, you will work on projects to solidify specific security areas such as supplier management, access management and awareness. You will report to the Information Security Officer and together you will bring the security and privacy measures to the next level.
A Day at HQ
As we are living in times of a pandemic, there’s no such thing as a day at HQ :) We fully support a work-from-home situation (read as monitors, headphones, webcam, docks, and whatever else you might need).
You start your day by checking your email, fortunately nobody reported a security incident. At 10am you have the daily meeting with the security team. Your colleague informs the team of two new vulnerabilities in the product that were reported through HackerOne. Together with the team you discuss what priority these issues should get.
After the meeting, you spend the rest of the morning on your plan to better manage shadow IT. In a fast growing company like Zivver, there’s always the risk that people start using new tools to facilitate their work without seeking the proper security approval. You need to find a way to maintain control over this. In the afternoon you will discuss your plan with the Information Security Officer. But first, it’s time for lunch.
It’s a busy afternoon, because you also have a call planned with the People team to compare two background check agencies. It will be a difficult decision as one of them is more thorough yet the other one has a faster throughput time. You will need to balance the business objective to bring new people on board quickly with the required security.
When you return from the call you see that you’ve received an email from the marketing team asking if you can check if their planned email campaign complies with the privacy legislation. You quickly respond that you will have a look at it later in the week. Before the day is over, you quickly answer a few security questions from a customer, so you have a clear inbox for tomorrow when you will perform the monthly access check.