Spotify listeners, creators and employees trust us to provide a safe digital platform that protects any sensitive information they share with us. Spotify Security is a distributed team that champions and delivers on initiatives with Spotify’s autonomous teams to ensure that our organization keeps information security appropriately prioritized and that the trust we have with these stakeholders is well-deserved. We focus on raising security awareness, providing security intelligence and building tools to enable these teams to feel a shared sense of responsibility for security and privacy concerns. We aim to constantly improve the security posture of our organization by iterating on our tooling and process.
We are looking for a senior Risk Manager to join our team of talented people who share a common interest in scaling security at Spotify. You will play a key part in the Security Risk & Control team, with the mission of managing information security risks at Spotify. To enrich our security organization while living the Spotify culture, you will also provide experience and subject matter expertise in all fields of information security. Above all, your work will impact the way the world experiences music.
What you’ll do:
- Manage and develop Spotify’s Security Risk Management program
- Continuously improve our ability to identify, assess, prioritize and mitigate risks throughout the company and come up with recommendations on how to integrate controls as part of daily operations.
- Facilitate collaboration with other engineers, product managers, and leaders to incorporate security thinking across departments.
- Collaborate very closely with Spotify’s technology teams and coordinate security projects across teams within Spotify.
- Coordinate with other risk management functions (e.g., Legal, Fraud, Internal Audit) to integrate security risk management, minimize duplication of effort and ensure efficient execution.
- Take part in shaping the future of our security organization.
- Work from our awesome office in New York City or Stockholm where we work closely with teams across all Spotify platforms.
Who you are:
- You have 5+ years of experience with IT and security risk, governance and controls.
- You have experience with information-security related work (e.g. implemented and/or conducted audits on relevant security frameworks), and have experience with security standards such as NIST CSF, COBIT 5, PCI DSS and ISO 27001.
- You have experience in managing information security risks in cloud-based environments.
- You have deep technical expertise in at least one area of security.
- You have CISM, CISMP or CISSP; other relevant professional certifications are a merit.
- You know how to teach and evangelize information security to groups of different disciplines with varying experience.
- You feel confident coordinating and scoping larger initiatives.
- You believe in teamwork, agile values and leading by example.
We are proud to foster a workplace free from discrimination. We strongly believe that diversity of experience, perspectives, and background will lead to a better environment for our employees and a better product for our users and our creators. This is something we value deeply and we encourage everyone to come be a part of changing the way the world listens to music.