Information Security Internal Auditor

We believe it takes great people to create a great product. That’s why our team lives our company values, and we hire based on them, too. Since 2010, Pipedrive has been on a mission to support sales and marketing teams with easy-to-use, powerful tools that make everyday work faster and easier. Today, our cloud-based software is trusted by over 100,000 companies and used in 179 countries. We have grown from a five-person team to a truly international company of over 900 people, representing more than 50 nationalities, with ten offices distributed across Europe and the US. In 2020, Pipedrive received a majority investment from Vista Equity Partners, a global investment firm that invests exclusively in enterprise software, data and technology-enabled businesses, making Pipedrive the fifth unicorn from Estonia.The information security department enables security across Pipedrive. Our team's knowledge is both broad and deep in the areas of cyber, information security, risk, compliance and training. InfoSec identifies security issues and assists efforts till resolution.

Your new adventure:

• Manage operational, regulatory and certification security requirements (currently according to ISO/IEC 27001:2013 and SOC requirements) 
• Take lead and manage internal compliance audits and follow up on their results
• Prepare regular audit reports to C-level aligned with compliance reporting requirements
• Work closely with InfoSec and compliance teams to automate procedural and technical compliance controls
• Collaborate with other Pipedrive teams when planning and conducting audits
• Guide technical and operational decision-making towards future product offerings and efficient organizational processes
• Partner with engineers to interpret and map compliance requirements to product implementation

Does this sound like you?

• Three years of hands-on experience in conducting and leading IT audits (specifically SOC2, ISO 27001)
• Strong attention to details
• Excellent written, verbal, presentation and communication skills in English
• Proficiency with security concepts (encryption, authentication, etc.) and tooling for continuous monitoring
• A deep understanding of cloud infrastructure and security concepts
• Experience with managing compliance requirements against distributed applications on cloud infrastructure
• Familiarity with security controls for cloud automation and configuration tooling
• The ability to operate in an agile environment and meet compliance objectives
• Proficiency with security concepts (encryption, authentication, etc.) and tooling for continuous monitoring
• The ability to clearly communicate compliance requirements to internal engineering teams and associated implementation to external customers
• Experience translating complex concepts and solutions into documents required for certification and compliance to audiences with varying degrees of experience and knowledge
Would be a plus
• Experience with IT audits (SOC2, ISO, HIPAA, NIST)
• Auditor or implementer certifications
• Strong project management experience

Why Pipedrive?

• A value-driven work environment where people come first
• A lively bunch of colleagues from over 50 different countries, with offices in Tallinn, Tartu, Lisbon, Prague, London, Dublin, New York, Florida, Riga and Berlin
• A team serious about getting things done while not taking ourselves too seriously
• A world-class working environment full of perks like parties, craft workshops, snacks and, of course, office dogs
• Flexible working hours as long as you’re there for your team members
• Freedom to execute your ideas with a passionate and motivated team supporting you
• Lots of room for personal and career development, with internal and external training opportunities
• Competitive salary and bonus system and all the benefits you’d expect from a great employer (health and accident insurance, health days, a quarterly contribution to sports, in-house coaches, employee discounts and more)
Based on this role's access to certain data, Pipedrive will be conducting a pre-employment background investigation in conjunction with your application for employment with our company.  Such data will be handled in accordance with Pipedrive's Privacy Policy for Recruitment.

We’re on the lookout for an Internal Auditor to join our Information Security department.If this is something for you, send us your resume (in English) or a link to your LinkedIn profile and please add why we should pay extra attention to your application.