Based in Barcelona, Qustodio is a fast-growing internet safety startup whose mission is to provide a safe digital experience for every child. Our top product is a multi-platform parental control solution that is used and loved by hundreds of thousands of families worldwide, and is one of the leading brands worldwide in the Digital Wellbeing category.
This role is responsible for designing, developing, and executing the company cybersecurity strategy, which is intended to drive situational awareness, culture and collaboration, deliver meaningful internal services, and create unity on which efforts are important to address cybersecurity effectively across our complex environment.
The ideal candidate is a clear communicator and a curious, highly self-motivated individual who is eager to collaborate and exchange knowledge, and who applies new skills to proactively seek out a stronger environment against threats.
Working in an energetic, fun and agile team, Qustodio is a fast-paced environment where you will have personal accountability. We are proud to offer employees a flexible work structure, but value responsibility and hard work above all else.
Lead the Organisation:
Manage the budget and reconciliation process for information security.
Set the Strategy:
Work effectively with internal business units to facilitate information security risk assessment and risk management processes.
Establish Governance and Build Knowledge:
Identify, evaluate and report on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing Qustodio’s mission objectives.
Facilitate an information security governance committee and formulate an information security advisory board.
Ensure the consistent application of policies and standards across all technology projects, systems, services and contracts.
Develop the Framework:
Develop and enhance Qustodio’s information security management framework based on the National Institute of Standards and Technology (NIST) Cybersecurity framework or ISO 27001 framework.
Create and manage a framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
Build the Network and Communicate the Vision:
Create internal and external professional networks to ensure alignment across programs and to maintain current knowledge regarding cybersecurity risks.
Partner with the engineering teams to build alignment between security and development to ensure security is built in by design.
Operate the Function:
Provide guidance and direction to project and mission support teams to develop the cyber strategies, technologies, policies and procedures to ensure our missions are safe and compliant.
Liaise with stakeholders in relation to cybersecurity issues and provide future recommendations, security education and training.
Create a risk-based process for the assessment and mitigation of any information security risks and incidents.
Ensure that data privacy requirements are included in processes, develop and oversee effective disaster recovery policies and standards, and facilitate and support the development of asset inventories.
Keep up to date with the latest cybersecurity and technology developments.
Encourage a culture of security awareness and evangelize security best practices and principles with application development teams.
Conduct functionality and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements.
Lead advanced security analytics and ethical hacking efforts for continuous security monitoring and support platform modernization efforts in cloud environments.
Develop security policies and procedures that provide adequate business application protection, leveraging the company's core business requirements.
Research/evaluate emerging cybersecurity threats and ways to manage them.
Deploy, maintain, and manage the organisation’s cybersecurity solutions, including Web Application Firewalls, DLP, IDP, VPN solutions, endpoint management and SIEM, to ensure detection of attacks, intrusions and unusual, unauthorised, or illegal activity.
Research, evaluate and recommend new cybersecurity technologies and countermeasures against threats to information or privacy.
Define playbooks for critical alerts and incident response.
Implement and maintain an incident response plan and a disaster and contingency plan to become cyber resilient in the face of cyberattacks.
Demonstrated track record of operating a successful security function.
Experience working in a cloud architecture environment such as AWS.
Hands-on experience working with a wide range of cloud and mobile security technologies such as web application firewalls (WAFs), endpoint management and response tools, privileged access management tools, encryption, PKI, certificate pinning, vulnerability management, container and container orchestration security and identity and access management tools.
Experience with Secure Software Development Life Cycle (S-SDLC), application security frameworks, design patterns, and assessment tools.
Knowledge of DevOps and CI/CD pipeline security.
Comfort with driving the implementation of security compliance projects.
Analytical and problem-solving skills to identify and assess risks, threats, patterns and trends.
Supplier selection and management in procuring solutions and contracting testing services.
Professional Security Certification such as CISSP, GIAC or CISA.
Verbal communication skills, including presentation skills, with an ability to communicate with a range of technical and non-technical team members and other relevant individuals.
Time-management and organizational skills to manage a variety of tasks and meet deadlines.
The ability to multitask and prioritize your workload.
Excellent attention to detail.
An ability to work under pressure, particularly when dealing with threats and at times of high demand.
What can we offer you?
Great culture - friendly and emphasizes both teamwork and fun.
Our company is home to over 15 nationalities.
Flexible working hours; there are possibilities to work from home.
Interesting challenges in a fast-growing technology company for you to sharpen your skills.
Competitive salary range.
Private Health Insurance.
In-house training and team building events.
A modern and fully equipped office headquarters in Barcelona city center.
Daily fruit and beverages supply.
23 days of holidays per year. Half day off on your birthday.
Team Building Events.