FreshBooks has an ambitious vision. We launched in 2003 but we’re just getting started and there’s a lot left to do. We’re a high-performing team working towards a common goal: building an elite online accounting application to help small businesses better handle their finances. Known for extraordinary product and customer service experiences and based in Toronto, Canada, and with offices in Raleigh, Amsterdam and Croatia, FreshBooks serves paying customers in over 120 countries.
What you’ll do:
FreshBooks handles some of people’s most important information… their financials! The Privacy and Compliance Specialist at FreshBooks maintains the confidentiality, integrity, and availability of the information that flows through FreshBooks. To do that you’ll be auditing what we’ve done, analyzing what we’re doing, and advising the organization on the best practices that the future will require from Security Governance, Risk, and Compliance (GRC). Make no mistake about it, this role owns Security GRC at FreshBooks and partners with others inside and outside the organization to make sure we continue to be great custodians of information and maintain Trust (our core value) inside and outside the organization.
- Maintain our PCI-DSS compliant environment by facilitating administrative requirements and annual audits with QSAs.
- Position the organization for smooth adoption of future legislative and compliance requirements
- Prepare compliance audit data by compiling and analyzing internal and external information
- Partner with other departments, 3rd parties, and auditors to get work in support of compliance done
- Provide security governance through implementing systems, procedures, and policies; completing projects in support of enhancing our security posture
- Enhance organizational reputation and help others by owning compliance
- Answer questions and work to satisfy compliance and business needs, at times advising management on needed actions
What you’ll need:
- Experience as an auditor, consultant, and/or advisor for PCI-DSS requirements
- Experience as a Security Governance, Risk Management, and Compliance (GRC) advisor
- Experience in managing relationships with PCI Qualified Security Assessors (QSA) and external auditors
- Strong reading, reasoning, and communication skills
- A collaborative and agile approach to risk and compliance management
What you may have:
- Demonstrated knowledge of information technology security, trends, leading practices, regulatory and industry standard compliance issues (PCI-DSS, ISO 27001, SOC 2, HIPAA, and others)
- Experience with privacy regulations and principles such as GDPR, CCPA, PIPEDA, etc
- Specific experience with SaaS applications hosted on public cloud (e.g. AWS, GCP, Azure)
- Experience performing risk analysis and mitigation strategies
- Experience managing security awareness training
- Experience managing and handling security incidents and responses
- Experience in developing policies, procedures, and processes for Information Security best practices