Something about us...

App Annie is the industry’s most trusted mobile data and analytics platform. Our mission is to help customers create winning mobile experiences and achieve excellence. We created the mobile app data market and are committed to delivering the industry’s most complete mobile performance offering. More than 1,200 enterprise clients and 1 million registered users across the globe and spanning all industries rely on App Annie as the standard to revolutionize their mobile business. We are headquartered in San Francisco with 12 offices worldwide. 

Along with a market defining product, we take great pride in our culture and values and strive to embody them daily! We set a high bar for our success and have made Excellence as our standard, hold each other Accountable, continuously push Innovation and Win with Style.

 

What can you tell your friends when they ask you what you do? 

I am responsible for overseeing security assurance programs, reporting on compliance levels, identifying non-compliance issues and security vulnerabilities, and managing remediation activities. An important part of the role is leading the end-to-end process of vulnerability identification, investigation, remediation, verification and continuous process improvement including automation. This mission critical role acts as the central conductor for required technical and project related activities across a matrixed organization. The  mission of this position is to build and leverage a Security Assurance program (including vulnerability management) that will proactively reduce cyber risk to the organization. 

 

You will be responsible for and take pride in….

  •  Coordinate the implementation of System Security programs across Cloud infrastructure platforms and establish continued vulnerability reporting criteria
  • Conduct extensive investigations and analysis of largely undefined factors and conditions to determine the nature and scope of System Security problems and devise effective and efficient solutions
  • Responsible for reviewing proposed new systems, networks, and software designs for potential System Security risks and resolving integration issues related to the implementation of new systems with the existing Cloud infrastructure
  • Conduct the monitoring of new or emerging information technologies to assist in the identification of most effective approach or methodology to be applied in securing the Cloud infrastructures.
  • Advise management or decision makers on System Security shortfalls and areas needing improvement or modification
  • Implement higher-level System Security requirements such as those resulting from laws, regulations, or Government directives by developing long-range plans for System Security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with Cloud infrastructures’ vulnerabilities
  • Ensures forensic and malware analytical activities are conducted within the organizations Cloud infrastructure platforms according to internal standards
  • Help drive and support internal privacy programs including the EU-US Privacy Shield and Swiss-US Privacy Shield, etc.
  • Lead, coordinate and manage internal and external assessments of lead privacy program and processes.
  • Support internal privacy processes such as subject access requests, data records of processing activities, and privacy impact assessments.
  • Support the development and maintain privacy documentation such as privacy notices and policies.
  • Collaborate with business owners to prioritize projects and solutions to reduce privacy risk and improve compliance.
  • Support the review of new product features and designs and provide guidance on requirements impacting App Annie privacy compliance framework.
  • Support accurately and effectively App Annie’s  privacy program to customers.
  • Educate and train process owners about privacy and data protection.

 

You should recognize yourself in the following…

  • Minimum of 5+ years of experience in determining the appropriate System Security products or services with stakeholder Government customers to define a project scope, requirements and deliverables
  • Minimum of 5+ years of experience in providing high level technical advice and counsel to top management and other key officials on matters relating to new or modified IT policies and programs that affect or relate to current and existing System Security functions and programs
  • Minimum of 5+ years of experience in Privacy, Data Protection, Privacy Engineering, and/or Information Security Compliance.
  • Minimum of 3+ years' experience ensuring the confidentiality, availability and integrity of IT systems through full compliance with the Federal Information Security Management Act and IT security policies and standards of various Government customers (i.e. Civil, DoD, USIC)
  • Minimum of 3+ years' experience architecting information systems for accreditation under ICD 503, NIST SP 800-53 controls
  • BS level technical degree required; Computer Science or Math background preferred
  • This position requires that the candidate selected be a U.S. citizen and must currently possess and maintain an active TS/SCI security clearance with polygraph.
  • Experience with regional privacy requirements throughout Asia, Europe, and the US and negotiating data protection agreements with customers and vendors.
  • Expertise with topics such as EU-US and Swiss-US Privacy Shield, GDPR, data controllers, and data processors.
  • Familiarity with security and privacy standards such as SOC, ISO 27001, ISO 27018, EU-US Privacy Shield and Swiss-US Privacy Shield, etc.
  • Demonstrated experience in developing and managing a privacy compliance program that balances risk and the needs of the business.
  • Experience with Software-as-a-Service or cloud service providers industry challenges.
  • Excellent interpersonal, verbal, and written communication skills with the ability to communicate privacy concepts to a broad range of technical and non-technical staff.
  • Demonstrated success working with internal audit, external auditors, outside consultants, and legal counsel.
  • Equally comfortable working with other members of the team, as well as independently.
  • Strong technical foundation to be able to develop App Annie privacy program best practices based on compliance requirements and App Annie systems and processes.
  • Ability to manage multiple projects and deliver quality work to deadlines
  • CIPP, CIPM, CIPT, CISSP, or other related certifications
  • Experience in making recommendations for resolving System Security problems and requirements for multiple platforms that utilize a common Cloud infrastructure that Government customers leverage as an enterprise compute environment
  • Delivery - Engagements that include projects proving the use of AWS cloud services to support new secure computing solutions that often span the Governments customers’ enterprise infrastructure. Engagements will include the secure migration of existing applications and development of new applications using AWS cloud services
  • Experience in application security architecture, security code reviews, security testing, incident response, or security infrastructure
  • Experience working with Risk Management Framework (RMF) and Security Controls Traceability Matrix (SCTM)
  • Experience with Amazon Web Services
  • Developing and interpreting policies, procedures, and strategies governing the planning and delivery of System Security services throughout an enterprise Cloud infrastructure;
  • Providing technical advice, guidance, and recommendations to high level management officials and technical staff on critical System Security issues
  • Applying knowledge of IT project management principles, methods, and practices to develop plans and schedules, estimate resource requirements, define milestones and deliverables, monitor activities, and evaluate and report on accomplishments
  • Demonstrated experience administering Linux and Windows operating systems in accordance with applicable security controls

 

What we offer… 

  • We provide a  WFH allowance to set you up for remote work success.
  • Internet allowance for stable internet connection, so your video does not freeze on Zoom. 
  • Flexible working days. We love to meet, but if you need to get your kids behind school-zoom, need to leave early to get to your band repetition or gym classes, do your thing. 
  • Paid leave, so long as you promise to come back!
  • Health and dental benefits.
  • An international team of talented and engaged people from different cultural backgrounds and locations.
  • Wellbeing allowance for any activity that matters to your wellbeing; (online) gym classes, fitness equipment, mindfulness apps or even childcare support!
  • Unlimited access to online learning platform Udemy to help you develop your skills.
  • Virtual initiatives and events to keep you connected with your colleagues.

 

Yes, I want this job!

 

Apply for this Job

* Required

  
  


U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at App Annie are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.