A home is the biggest investment most people make, and yet, it doesn’t come with a manual. That's why we’re building the only app homeowners need to effortlessly manage their homes — knowing what to do, when to do it, and who to hire. With Thumbtack, millions of people care for what matters most, and pros earn billions of dollars through our platform. And as one of the fastest-growing companies in a $500B industry — we must be doing something right.
We are driven by a common goal and the deep satisfaction that comes from knowing our work supports local economies, helps small businesses grow, and brings homeowners peace of mind. We’re seeking people who continually put our purpose first: advocating for pros and customers, embracing change, and choosing teamwork every day.
At Thumbtack, we're creating a new era of home care. If making an impact and the chance to do good inspires you, join us. Imagine what we’ll build together.
Thumbtack by the Numbers
- Available nationwide in all 3,143 U.S. counties
- 70 million projects started on Thumbtack
- More than 4 million customers in the last 12 months
- Pros earn billions on our platform
- More than 8 million 5-star reviews for our stellar pros
- 1000+ employees and $3.2 billion valuation (June, 2021)
About the Team
This role will be part of the Global Information Security team. This team consists of a security application engineer, security infrastructure engineer, technical program manager, cyber security analyst, and compliance analyst. This team is in charge of the overall security processes within the organization and ensures alignment with Thumbtack’s business objectives. Members of this team are responsible for advocating and educating security best practices throughout the organization.
About the Role
As a Senior Information Security Manager, you are a guardian of data and cybersecurity: you think on your feet and can make quick and effective decisions for every information security situation that may arise within the organization. You are keen on details, have a good understanding of the Philippine Cybersecurity regulations, and can analytically assess processes, systems, data, and events relevant to Information Security. You are able to provide valuable recommendations to the management team and mitigate security risks; thereby contributing to providing our employees, pros, and customers the utmost information security that they deserve.
This role will be an individual contributor with the potential to evolve to a people manager position should there be a need to grow the team, or as may be required by the business in the future.
As a Senior Information Security Manager, you will be the “Analyst-in-chief” in Thumbtack PH when it comes to assessing an information security situation and responding appropriately. You will own the implementation, execution, and monitoring of Information Security processes and procedures in compliance with Thumbtack’s policies and government regulations. You will help in ensuring that the IS Framework, IS Strategic Plan, and IS Programs are aligned with both the Global IS and Thumbtack’s business goals.
- Working closely with the Global IS Director, TPH IT, and SiteOps Managers
- Identifying vulnerabilities in the organization’s current network system and infrastructure
- Developing and implementing a comprehensive plan to secure the organization’s computing network
- Monitoring network usage to ensure compliance with security policies
- Keeping up to date with developments in IT security standards and threats
- Performing penetration tests to find any flaws and creating mitigation plans
- Simulating security breaches and creating disaster recovery plans
- Collaborating with management and the IT department to improve security
- Seeking to build in security during the development stages of software systems, networks, and data centers
- Documenting any security breaches, assessing their damage, and liaising with the concerned government agency if necessary
- Educating colleagues about security software and best practices for information security
- Recommending, testing, and evaluating security products as needed
Key Objectives of the role
- Establish a Computer Emergency Response Team (CERT) to act as an escalation point for Information Security breaches in compliance with the DICT and NPC requirements
- Establish and continually improve the standards and practices of Information Security Management for Thumbtack Philippines
- Create and Implement Risk / Control Monitoring Framework: Coordinate the development and monitoring of key performance indicators (KPI) as well as key risk indicators (KRIs) that are mapped to various risks and controls to determine elevations in risk, the effectiveness of controls, and to proactively implement risk and control mitigation measures
- Create and implement an effective audit process to identify Information Security violations, vulnerabilities, and risks, and recommend or implement appropriate long-term corrective measures
If you don't think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box, and we're looking for someone excited to join the team.
- Experience in compliance with the DICT and NPC requirements
- At least 5 years of relevant work experience in IT and Information Security
- IS Certification in CompTIA Security+
- Working knowledge of different security technologies and concepts such as but not limited to VA, PT, SIM/SIEM, DLP gateway, and endpoints, IPS/IDS, WAF, CASB, Cloud security, IAM, Cyber Incident Response, Digital Forensics
- Working knowledge on different IT domains – Network, Infrastructure, Systems Administration, Software Development, Database Administration, Change Management, Incident Management
- Strong background in project management and cross-functional partnerships
- Strong knowledge and experience in building control frameworks and has the ability to design and evaluate the effectiveness of controls in compliance with the Philippine IS requirements
- Excellent oral and written communication skills
- Willingness to have a flexible schedule based on business and team needs
- IS Certifications such as CISM, CISA, CISSP, etc.
- Understanding of IT and information security principles and best practices (e.g., NIST CSF, ITIL, ISO 27001/27002)
- PCI-DSS compliance experience and certification
Thumbtack is a virtual-first company, meaning you can live and work from any one of our approved locations across the United States, Canada or the Philippines*. When it is safe to gather, we will begin to host in-person events on a regular basis. Remote employees will be expected to travel occasionally for these events to a Thumbtack library or offsite team-building location. In cities with 5+ employees, we are establishing local communities, where employees can gather for local events. Additionally, employees in the San Francisco, Salt Lake City, Toronto and Manila areas will have opt-in access to communal workspace at one of our Thumbtack libraries. We always prioritize the health and safety of our employees. Currently, participation in these events and Thumbtack library use are optional. Both require employees to be fully vaccinated.
- Virtual-first working model coupled with quarterly in-person events and Camp Thumbtack
- 20+ company-wide holidays including two week-long shutdowns
- Libraries (collaborative workspaces) in San Francisco, Salt Lake City, Toronto, and Manila
- Stipends for remote work support, home office set-up and internet
- Subscriptions and Employee Assistance Program for mental health and well-being
- Cell Phone Reimbursement, Thumbtack services (North America only)
Thumbtack is committed to working with and providing reasonable accommodation to individuals with disabilities. If you would like to request a reasonable accommodation for a medical condition or disability during any part of the application process, please contact email@example.com.