IT & Security Lead
Location | Dar es Salaam, Tanzania, United Republic of |
Date Posted | April 14, 2024 |
Category | IT / Information Technology |
Job Type | Full-time |
Currency | TZS |
Description
The IT & Security team at OpenZeppelin is responsible for the planning, execution, and delivery of the IT & Information Security Program that supports OpenZeppelin’s entire organization, including its team members and technology. This team manages IT and security operations, maintain network resilience, enforce end-user security, manage compliance initiatives and audits, support product security activities and provide leadership to the organization on cybersecurity best practices.
Role overview
As a Leader in the IT & Security team, you'll bolster OpenZeppelin’s security posture by managing the company’s IT & Information Security Program in accordance with leading industry standards (including SOC 2), taking into account the unique nature of our blockchain security offerings.
You will report to the Head of Operations and work across the organization to implement security best practices and help OpenZeppelin make continuous improvements to its information security environment.
You have strong organizational skills and an impeccable attention to detail. As a Leader, you will also exemplify operational excellence as you work across the organization to enable our team by provisioning accounts, monitoring and enforcing security policies, configuring systems and integrations, and solving IT issues for our team.
The ideal Lead for this position has the hands-on technical expertise to identify, prioritize and solve security tasks and is excited to expand the impact and grow their expertise in a high-growth environment.
Specifically you will
- Manage the day-to-day IT & Security Department operations, including setting the strategic direction of the IT & Information Security Program and executing on department OKRs and budgets
- Lead audit and certification processes like penetration testing, SOC 2 and ISO/IEC 27001 and manage related vendors
- Partner with development teams to design, implement and enhance security best practices in the SDLC and our software offerings
- Manage and configure physical security, disaster recovery, and data backup systems
- Support systems access provisioning and deprovisioning as well as onboarding and offboarding activities
- Conduct internal security audits and constantly assess our people and processes for vulnerabilities, weaknesses, and for possible upgrades or improvements
- Manage bug bounty programs and lead incident response processes
- Act as an advisor on security best practices across the organization
You have
- 5-7 years of IT & security experience, including at least 2 years of experience managing significant IT & security functions in a high-growth tech company
- Experience deploying infrastructure using IaC and self hosting and maintaining IT and security related services
- Ability to implement software to automate, and streamline IT and security related tasks
- Experience with disaster recovery planning and incident response processes
- Ability to implement and manage MDM tools
- Experience operating a security program based on ISO/IEC 27001, NIST 800-53, NIST Cybersecurity Framework, CIS controls, or SOC 2 Type 2 reports and audit processes
- Previous experience managing Google Workspace environments and Github
- An advanced English level and great communication skills (oral and written)
- The abilities needed to work collaboratively in a distributed remote team
Nice to have
- An understanding or keen interest in blockchain technology and curiosity to constantly expand your knowledge and impact
- Security certifications, such as CISSP, CISM, or GIAC certifications
- Experience using Vanta
Location:
This is a fully remote position with no travel required