Sr. Manager, Information Security & Compliance - Protect the Recipe for Success!
At Tarro, we're not just building software; we're empowering local restaurants to thrive! We're passionate about providing a seamless connection between these businesses and their customers, freeing them to focus on what they do best: creating amazing experiences and delicious food. Join us in securing the future of mom-and-pop restaurants!
Think you have what it takes to defend our growing ecosystem? We are seeking a highly motivated and experienced Sr. Manager of Information Security and Compliance to lead our organization's information security strategy and operations. You'll be a critical player in ensuring our platform remains secure and compliant, protecting both our restaurant partners and their customers.
What You'll Be Doing: Architect & Execute: Develop and implement a comprehensive information security strategy aligned with business objectives, regulatory requirements, and risk profiles. Your Mission in Year One: PCI DSS Level I Ready: Achieve readiness for our PCI DSS Level I audit. What You'll Bring to the Table: Experience: 8-10 years of IT experience with 5+ years in a leadership role. Information security management frameworks (PCI DSS, ISO 27001, SOC 2, etc.) Leadership Style: A passion for being a hands-on contributor, influencer, and leader. Bonus Points: Experience with green-field security framework implementations at startups or small-to-midsize companies. Even if you don't meet 100% of the qualifications, we encourage you to apply! We value diverse backgrounds and experiences. Tarro is an equal opportunity employer committed to building a diverse and inclusive workforce. We welcome talent from all backgrounds, including but not limited to race, sexual orientation, gender identity, age, nationality, religion, veteran status, political affiliation, and disability.
Compliance Champion: Ensure ongoing compliance with critical data privacy regulations, including PCI DSS, Philippines/Malaysia’s DPAs, CCPA, and emerging standards.
Fortify the Fortress: Lead the design, implementation, and maintenance of secure cloud-based and on-premise infrastructure spanning our product and corporate environments.
Collaborate & Influence: Partner with internal stakeholders across various departments to promote security awareness and alignment.
Build & Mentor: Grow and manage a talented team of information security professionals, fostering a culture of security excellence.
Incident Response Hero: Participate in production support and data breach incidents and drills, ensuring rapid and effective response.
Threat Intelligence Pro: Stay ahead of the curve by monitoring emerging security threats, vulnerabilities, and technologies, proactively adapting security measures.
Global Privacy Compliance: Ensure full compliance with CCPA and the Data Privacy Acts of the Philippines and Malaysia.
Granular Access Control: Implement robust role-based access control across our systems.
Secure Workstation Management: Deploy a scalable solution for workstation management and BYOD.
Expertise: Proven experience implementing and managing:
Data privacy frameworks (GDPR, CCPA, etc.)
Identity management systems and role-based access control
Workstation and BYOD management applications
Security best practices for hybrid (cloud + on-premise) product and corporate infrastructure
Organizational Skills: Strong prioritization and project management skills.
Problem-Solving: Resourcefulness and comfort working independently in ambiguous situations.
Availability: Willing to work in-office 5 days a week, starting at 3am PHT Tuesday-Saturday to align with US hours.
Proficiency with scripting and APIs.
A practical, business-oriented approach to security practices.
A willingness to take on additional responsibilities as we grow.