Yapta's mission is simple: To give our customers confidence in travel. To that end, we are one of the world’s leading companies for fare transparency and cost savings. We analyze billions of rates every month and turn all that data into meaningful notifications and reports. We provide automated services for corporate travelers to save money by tracking prices on airline tickets and hotels, and sending alerts when prices drop.

We were recently named to Deloitte’s Fast 500, are highly profitable, and have grown 400% in the past 4 years. Our team is fast-paced and focused, but we maintain a healthy work/life balance and have fun. We value integrity, flexibility, accountability, drive, and collaboration.

Description

The primary responsibility of this role is to develop, implement, and maintain security policies, security controls and ensure that Yapta is fully compliant with customer and regulatory data protection requirements. Additionally, the role will support Yapta IT by managing users, networks, assets, and servers, which includes administrative tasks. These tasks are standard troubleshooting tickets in Active Directory, G-Suite, Jumpcloud, Sophos, and other tools that support Yapta employees.
Responsibilities will include:

• IT support for Yapta employees to remain productive (connectivity, devices, software, user accounts…)
• Implement and administer information security technical platforms, including tools like SEIM, DLP, IPS, vulnerability scanning, Firewall, etc.
• Provide guidance and expertise directly to business stakeholders and staff relating to security policies, procedures and best practices.
• Manage security incident processes, forensics, and reporting.
• Delivers monthly reports of key information security metrics to senior management.
• Mitigate findings and vulnerabilities to acceptable levels of risk 
• Perform Risk Assessment activities for the organization as well as ensure cloud-hosted applications (existing and potential) are secured by administering the security vetting process.
• Ensure Disaster Recovery and Business Continuity plans are effective, tested, and current
• Develop and apply enterprise-level information security policies and procedures.
• Participate in reviewing systems changes through the change management process for the purpose of providing information security subject matter expertise.
• Evaluates and recommends security tools deployed by the technical services team, including anti-virus, desktop encryption, data loss prevention, single sign-on, provisioning, etc.
• Reviews and contributes to the network security standards in collaboration with the technical services team.
• Serves as a liaison for compliance and/or audit requests related to security.
• Ensures all necessary logs are being actively monitored and alerts resolved or escalated.
• Responsible for ensuring regulatory requirements are met relating to Internal controls, GDPR, PCI-DSS, etc.
• Assess and mitigate security threats and risks to industrial control systems.
• Support and/or independently conduct audits, assessments, customer data calls, RFPS’ and investigations.
• Penetration Testing of Applications, Network, and cloud-based data center.

Requirements:

• Experience with IT administration such as; G-Suite, Active Directory, and Firewalls
• Experience troubleshooting user assets (Laptops, PCs), network connectivity, and software 
• Strong knowledge of cloud technologies (e.g., IaaS, SaaS, PaaS, Public, Private, and Hybrid).
• Proficiency with vulnerability scanning tools (Nessus, Greenbone…), SIEM’s, anti-virus tools, password repositories (LastPass), remote connectivity tools, intrusion detections, etc.
• Understanding of current versions of security frameworks: ISO27001, NIST, PCI-DSS….
• Understanding of GDPR, CCPA and other privacy regulation standards as they apply to Yapta.
• Has worked effectively with management, peers, and vendors to design and implement hardware/software solutions, logical models, and operational management models
• Has communicated information security and privacy needs, changes, and roadmap to leadership, staff, technical and non-technical personnel in a manner that is engaging and effective.
• Has performed most duties of this job description independently with minimal supervision or guidance
• Has been detailed in applying data security requirements over complex environments
• Has been able to identify the root cause of issues and address those items until at a satisfactory level of risk
• Has created and maintained complex technical documents and policies that are public-facing and staff facing
• Trained staff on information security concepts/policy/changes via email, in person, large groups, presentations, and individual teams. 
• Has communicated effectively verbally, and in written form to all levels and customers. Responds to off-hours communications and engages others as necessary to resolve issues or alerts.
• Actively pursues opportunities and stays informed of the latest information security and compliance standards, to improve knowledge, tools, and processes for ISMS.
• Excellent verbal and written communication skills.

Preferred Experience:

• Have or actively working towards CISSP Certification (Certified Information Systems Security Professional) and/or CEH Certification (Certified Ethical Hacker)
• Working knowledge of all responsibilities in the position description.
• Experience with internal controls, risk assessments, business process, and internal IT control testing or operational auditing.
• Understanding of complicated business and information technology management processes.
• Travel industry and/or Global Distribution Systems (GDS) technologies
• Use collaboration tools (e.g., Slack, Confluence…) effectively.
• Strong ability to work with teams, remote users and executive leadership
• Flexibility to adjust and prioritize multiple demands, shifting priorities, ambiguity, and rapid change.
• Can implement security improvements by assessing the current situation, evaluating trends and anticipating requirements.
• Highly motivated and organized with excellent time management and independent problem-solving skills.
• Working in an agile development environment

What we offer:

• A fun, collaborative environment
• Optional work-from-home Wednesdays
• Competitive compensation and benefits package, including medical, dental, and vision insurance
• 5 weeks of PTO and 10 paid holidays (total 7 weeks)
• 401k
• Stock options
• Commuter benefits
• Stocked kitchens, with coffee, soda, and snacks
• Regular team activities, including Mariners games, ping pong tournaments, movies, etc.

This position is based in Pioneer Square in Downtown Seattle. Candidates must be eligible to work in the US. Yapta is unable to provide visa sponsorship for employment eligibility at this time.
Yapta is an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.