NewStore operates a platform for retailers to run their stores on iPhones. Purpose-built for mobile shoppers, the company provides Omnichannel-as-a-Service with the only integrated cloud OMS and mobile POS. Intuitive store associate apps allow retailers to offer seamless shopping experiences through endless aisle, mobile checkout, store fulfillment, real-time inventory and clienteling. An API-first architecture and an expansive ecosystem of partners mean retailers can deploy fast and flexible omnichannel with ease. NewStore was founded by Stephan Schambach, who pioneered ecommerce at Demandware (now Salesforce Commerce Cloud). The company has offices in Berlin, Boston and New York. Learn more at www.newstore.com.
About the job:
The internal IT Security Manager is responsible for leading the company's efforts to improve its security profile. This includes working with technical and non-technical stakeholders in order to deliver a sound security strategy.
A day at NewStore:
You arrive at the office and take part in the Infrastructure Team standup to learn about the latest developments in the platform. Afterwards, you coordinate specific actions with the Security Engineer based on risk assessments that you helped to create in coordination with different teams in the company. Later in the day, you plan the following tasks to keep the company aligned with security and privacy regulations. You catch up on the latest developments in GDPR that impact SaaS companies like NewStore. Later in the afternoon you also catch up with internal IT to make sure security policies are being applied. You take feedback and incorporate it in the next cycle for reviewing policies.
Suddenly, during the day, a security issue is detected and brought to you, and you need to rearrange the security plans and take emergency countermeasures, drawing on the best of your experience. You log in to the cloud infrastructure to analyze logs and determine the best course of action along with the Infrastructure Team. You organize post-mortems and root cause analysis of such security issues.
- Take ownership of the GDPR alignment process and other privacy regulations as required.
- Work with the infrastructure team and the security engineer to secure the AWS platform by pointing out specific problems.
- Support the identification of security threats using appropriate platforms (SIEM, log analysis, etcetera).
- Identify, assess and recommend remediation paths for key security issues.
- Create external IT Security and Privacy Policies, and update and adapt them as necessary.
- Collaborate in the creation of internal IT Security Policies for the company.
- Breach management and recovery procedures (data breach management and response, disaster recovery plans).
- Oversight of strategic security solutions used within the company.
- Organise internal and external security audits on the systems built by NewStore.
- Give strategic advice on privacy and security standards.
- Contribute to outlining business continuity plans (risk management).
- Experience with cloud security (in particular AWS).
- Knowledge of different security frameworks and best practices (OWASP, ISO 27001, COBIT 5, AWS Well-Architected principles, etcetera).
- Experience working with startups in an agile environment.
- Knowledge of penetration testing methodology for cloud infrastructure and modern applications.
- Knowledge of data protection frameworks and regulations.
- Knowledge of cryptographic algorithms and their applicability in different scenarios.
- Experience in at least one scripting language and in version control systems (Git).
- Knowledge of application and networking security controls.
Good to have:
- Security certifications (CISSP, CISA, CISM, AWS Security Specialty, CEH, etcetera).
- Experience working with PCI-DSS.
- Experience with the EU-US Privacy Shield and GDPR.
- Experience in the retail sector and its associated security risks.
- University-level degree in IT Security or related field.
Questions? Email us: