Security Internal Auditor at Pipedrive
We believe it takes great people to make a great product. That’s why our team lives our company values, and we hire based on them too. Since 2010, we’ve been building a visual sales tool now used by over 90,000 scaling companies worldwide who love its simple yet powerful design. Along the way, we’ve raised over $90 million in funding from international investors and received numerous awards as an employer.
We take great care to find exactly the right people for our nine global offices. So, what do you say – are you ready to join us?
The Information Security department enables security across Pipedrive. Our team's knowledge is both broad and deep in the areas of cyber, information security, risk, compliance, and training. InfoSec identifies security issues and assists efforts till resolution.
We are expanding and now looking for an Internal Auditor.
What you’ll do:
- Manage operational, regulatory, and certification security requirements (according to ISO/IEC 27001:2013 and SOC requirements) and manage compliance audits to successful outcomes
- Prepare regular audit reports aligned with compliance reporting requirements
- Work closely with the InfoSec and compliance teams to automate procedural and technical compliance controls
- Collaborate with other Pipedrive teams when planning and conducting audits
- Guide technical and operational decision-making towards future product offerings and efficient organizational processes
- Partner with engineers to interpret and map compliance requirements to product implementation
You should have:
- Strong attention to details
- At least two years of experience in IT audits (SOC2, ISO, HIPAA)
- Fluency in English (required)
- A deep understanding of cloud infrastructure and security concepts
- Experience with managing compliance requirements against distributed applications on cloud infrastructure
- Familiarity with security controls for cloud automation and configuration tooling
- The ability to operate in an agile environment and meet compliance objectives
- Proficiency with security concepts (encryption, authentication, etc.) and tooling for continuous monitoring
- The ability to clearly communicate compliance requirements to internal engineering teams and associated implementation to external customers
- Experience translating complex concepts and solutions into documents required for certification and compliance to audiences with varying degrees of experience and knowledge
Would be a plus
- Auditor or implementer certifications
- Knowledge and experience with FedRAMP and NIST is a strong bonus
What you’ll get:
- The chance to improve cyber security at Pipedrive with passionate and motivated team members supporting you
- A successful and fast-growing workplace where great ideas get great supportFriendly and supportive teammates who care about being successful together
- A world-class working environment, full of perks like parties, craft workshops, an in-house gym, snacks, and of course, office dogs
- Flexible working hours as long as you're there for your team members
- A place in our Tallinn office
- A team serious about getting things done while not taking ourselves too seriously
- Lots of room for career development
- A lively bunch of colleagues from over 40 different countries
- A value-driven workplace where people come first
If this is something for you, send your resume (in English) or a link to your LinkedIn profile and please add why we should pay extra attention to your application.