Handy is a home services marketplace on a mission to disrupt the $400B home services market by seamlessly delivering every service to every home. Handy has fundamentally changed the way the world buys home services by making it as easy to buy a service online as it is to buy a product. We connect customers to vetted, independent local professionals at the tap of a button, while providing upfront pricing, customer choice in scheduling (no more pesky 4-hour windows), cashless payments and a service guarantee.
Started in 2012 by Oisin Hanrahan & Umang Dua, Handy has scaled to offer cleaning, installation and assembly services across the US, Canada and the UK. Handy offers its services both direct-to-consumer via our website and mobile apps and through partnerships with some of the largest retailers in the world, including Wayfair, Walmart, Lowe's, Costco and more. As of 2019, Handy is an independently operated subsidiary of ANGI Homeservices (Nasdaq: ANGI), the world's largest home services marketplace including brands like HomeAdvisor and Angie's List. This milestone is allowing us to expand to hundreds more home services and bring the Handy experience to millions more customers and professionals.
About the Job:
Our security and privacy team works across the organization to protect our products, infrastructure, operations, and our customers' privacy. As a member of that team you will be responsible for assessing risks and ensuring the organization meets appropriate regulatory standards and laws (e.g. ADA, WCAG, CCPA, GDPR, SOX ITGC, PCI). You will be working closely with internal and external audit teams, Handy's legal team, and Handy's engineering teams to build an organization that is continuously compliant with the regulatory standards and laws. You will continue to raise the bar to ensure our products, practices, and infrastructure remain compliant with all appropriate standards and laws.
What you will do:
Develop and sustain a rigorous risk assessment and compliance program
Work with a variety of internal teams to ensure their practices and products are compliant with the appropriate regulatory standards and laws
Develop, collect, and maintain necessary evidentiary documentation for internal and external auditors
Work with the teams to design and maintain automated systems to help with continuous compliance
Be the subject matter expert for any automation used to produce evidence for audit, as well as for any part of the company's controls
Monitor remediation efforts of any identified risks
Identify risks and gaps in our compliance controls and facilitate remediation
Design and improve internal controls across our products and infrastructure
Who you are:
2+ years of experience in auditing and assessing various controls in an IT environment as it relates to access management, change management, incident management, and business continuity/disaster recovery.
Familiarity with privacy and data security laws, including GDPR and CCPA
Sound understanding of cloud security and control principles including logical access controls, change control, privileged access, segregation of duties, computer operations, network security, vulnerability management, and secure coding practices.
Experience implementing, participating in, or conducting security assessments of compliance programs (e.g. SOX ITGC, PCI, SOC 2, ISO 27001/27017/27018, etc.).
Experience with scripting languages like Ruby, Python, Unix shell
Experience with writing SQL queries
Ability to work independently
A great collaborator with both technical and non-technical team members
Excellent verbal and written communication skills
Compensation & Benefits
Competitive salary and equity commensurate with experience and performance
Full medical, dental, vision package to fit your needs
Monthly Handy credits
Unlimited vacation policy; work hard and take time when you need it
A fun office in the heart of the Flatiron district, always stocked with coffee, snacks and drinks; catered lunch and dinner, foosball, office events and team outings
Ground floor opportunity with the team
The rare opportunity to work with sharp, motivated teammates solving some of the most unique challenges and changing the world
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.