Sr Manager, Information Security and Compliance

About us:

Here at Tarro we build products that empower small brick and mortar restaurants by liberating them of the operational burden of running their business. We accomplish this by providing a frictionless connection between them and their customers through our platform. In-turn empowering them to focus on creating a better experience for their customers while helping their business thrive. 

We obsess over placing our customers first and working backwards from there. When our customers succeed, we succeed!

To learn more about our culture, values and how you can be a part of helping mom & pop restaurants thrive, please visit us here!

What we’re looking for:

We are seeking a highly skilled and experienced Sr Manager of Information Security and Compliance to lead our organization’s information security strategy and operations. The ideal candidate will have a robust background in both cloud and on-premise infrastructure, a deep understanding of data privacy regulations, and extensive experience with PCI DSS compliance and other security frameworks. As a player-coach, the Sr Manager of Information Security will be both a hands-on contributor and a strategic leader, capable of designing, implementing, and managing comprehensive security measures while leading and developing a team of security professionals.

What you will accomplish:

• You will develop and execute a comprehensive information security strategy aligned with business objectives, regulatory requirements, and risk profiles

• You will ensure compliance with relevant data privacy regulations, including PCI DSS, Philippines/Malaysia’s DPAs, CCPA, and others as needed

• You will maintain and ensure compliance with the company’s information security management system

• You will lead the design, implementation, and maintenance of secure cloud-based and on-premise infrastructure spanning our product and corporate environments

• You will work closely with internal stakeholders across various departments to ensure alignment on security practices and initiatives.

• You will grow and manage a team of information security professionals

• You will participate in production support and data breach incidents and drills

• You will stay current with emerging security threats, vulnerabilities, and technologies, and proactively adjust security measures as necessary.

One year deliverables:

• Readiness for PCI DSS Level I audit

• Compliance with CCPA and the Data Privacy Acts of the Philippines and Malaysia

• Role-based access control

• Solution for workstation management and BYOD at scale

About you:

• You have between 8 and 10 years of IT experience with five or more years leading a team

• You have experience implementing and managing the following services:

  • Information security management frameworks (PCI DSS, ISO 27001, SOC 2, etc.)

  • Data privacy frameworks (GDPR, CCPA, etc.)

  • Identity management systems and role-based access control

  • Workstation and BYOD management applications

  • Security best practices for hybrid (cloud+on-premise) product and corporate infrastructure

• You enjoy being a hands-on contributor, an influencer, and a leader, in equal measure

• You have strong prioritization and project management skills

• You are resourceful and are comfortable working independently in ambiguous situations

Bonus points:

• You have completed green-field security framework implementations at startups or other small-to-midsize companies

• You have experience with scripting and APIs

• You have a practical, business-oriented approach to security practices

• You are open and willing to take on additional responsibilities that may be outside of this role. We are a growing company!

If you do not meet all the requirements listed above which candidates rarely do, don't worry. We still encourage you to apply!

Tarro is committed to hiring the best team to empower small businesses to thrive. We believe that a diverse workforce is paramount to our success. We welcome talent from all backgrounds - including but not limited to - race, sexual orientation, gender identity, age, nationality, religion, veteran status, political affiliation, and disability.