Sr Manager, Information Security and Compliance

This listing is synced directly from the company ATS.

Role Overview

This senior-level role involves leading information security strategy and operations as a player-coach, managing a team while hands-on implementing security measures. Day-to-day responsibilities include ensuring compliance with PCI DSS, CCPA, and other data privacy regulations, designing secure cloud and on-premise infrastructure, and responding to incidents. The hire will have significant impact by safeguarding company and customer data across a growing multi-product ecosystem.

Perks & Benefits

The job is fully remote, but requires working in-office 5 days a week from 3am PHT Tuesday-Saturday to align with US hours, implying flexibility within set time zones. Career growth is supported through leadership opportunities and exposure to diverse security frameworks at a profitable, fast-growing company. The culture emphasizes customer obsession, diversity, and a practical, business-oriented approach, with potential for additional responsibilities as the company expands.

⚠️ This job was posted over 9 months ago and may no longer be open. We recommend checking the company's site for the latest status.

Full Job Description

About us:

Here at Tarro we build products that empower small brick and mortar restaurants by liberating them of the operational burden of running their business. We accomplish this by providing a frictionless connection between them and their customers through our multi-product ecosystem offering AI-enabled order taking, delivery enablement, payment solutions, and point-of-sale software. At Tarro, we use a combination of bits (technology) and atoms (people) to solve real world problems facing small business owners.

We obsess over placing our customers first and working backwards from there. When our customers succeed, we succeed. The restaurant industry in the US is over a $1 trillion total addressable market (TAM), but remains relatively underserved by technology. Large chains are able to afford expensive tech that gives them a huge advantage; we believe that small restaurant owners deserve access to the same technologies at an affordable price.

Tarro has been profitable for nearly a decade and has seen 5x revenue growth in the past four years. As of our last fundraising round in mid-2022, we were valued at $450M and have since seen substantial growth across customer acquisition, product development, and company headcount. Thousands of loyal restaurants have entrusted Tarro with their success, and together we have supported nearly 20 million customers. We are proud to be named one of Built In’s top companies to work for in 2023.

To learn more about our culture, values and how you can be a part of helping mom & pop restaurants thrive, please visit us here! Helping restaurants thrive, not just survive.

What we’re looking for:

We are seeking a highly skilled and experienced Sr Manager of Information Security and Compliance to lead our organization’s information security strategy and operations. The ideal candidate will have a robust background in both cloud and on-premise infrastructure, a deep understanding of data privacy regulations, and extensive experience with PCI DSS compliance and other security frameworks. As a player-coach, the Sr Manager of Information Security will be both a hands-on contributor and a strategic leader, capable of designing, implementing, and managing comprehensive security measures while leading and developing a team of security professionals.

What you will accomplish:

You will develop and execute a comprehensive information security strategy aligned with business objectives, regulatory requirements, and risk profiles
You will ensure compliance with relevant data privacy regulations, including PCI DSS, Philippines/Malaysia’s DPAs, CCPA, and others as needed
You will maintain and ensure compliance with the company’s information security management system
You will lead the design, implementation, and maintenance of secure cloud-based and on-premise infrastructure spanning our product and corporate environments
You will work closely with internal stakeholders across various departments to ensure alignment on security practices and initiatives.
You will grow and manage a team of information security professionals
You will participate in production support and data breach incidents and drills
You will stay current with emerging security threats, vulnerabilities, and technologies, and proactively adjust security measures as necessary.

One year deliverables:

Readiness for PCI DSS Level I audit
Compliance with CCPA and the Data Privacy Acts of the Philippines and Malaysia
Role-based access control
Solution for workstation management and BYOD at scale

About you:

You have between 8 and 10 years of IT experience with five or more years leading a team
You have experience implementing and managing the following services:
- Information security management frameworks (PCI DSS, ISO 27001, SOC 2, etc.)
- Data privacy frameworks (GDPR, CCPA, etc.)
- Identity management systems and role-based access control
- Workstation and BYOD management applications
- Security best practices for hybrid (cloud+on-premise) product and corporate infrastructure
You enjoy being a hands-on contributor, an influencer, and a leader, in equal measure
You have strong prioritization and project management skills
You are resourceful and are comfortable working independently in ambiguous situations
You are willing to work in-office 5 days a week, starting at 3am PHT Tuesday-Saturday to align with US hours

Bonus points:

You have completed green-field security framework implementations at startups or other small-to-midsize companies
You have experience with scripting and APIs
You have a practical, business-oriented approach to security practices
You are open and willing to take on additional responsibilities that may be outside of this role. We are a growing company!

If you do not meet all the requirements listed above which candidates rarely do, don't worry. We still encourage you to apply!

Tarro is committed to hiring the best team to empower small businesses to thrive. We believe that a diverse workforce is paramount to our success. We welcome talent from all backgrounds - including but not limited to - race, sexual orientation, gender identity, age, nationality, religion, veteran status, political affiliation, and disability.

Apply on original site

Similar jobs

Found 6 similar jobs

Expansion Lead (English-Speaker)

Accounting Assistant (MY - Mandarin Speaking)

Tarro • Remote

Billing & Collection Assistant (MY-Mandarin Speaking)

tarro.com

Tarro is a technology company that develops innovative software solutions for businesses. Their primary focus is on creating tools that help organizations streamline operations and improve efficiency. The company serves a diverse range of clients including small to medium-sized businesses and enterprise customers across various industries. Tarro operates as a fully distributed team, leveraging modern collaboration tools to maintain strong communication and teamwork across different time zones. Their remote-first culture emphasizes flexibility and autonomy while maintaining regular virtual check-ins and team-building activities.

Industry

Technology

Fully remote

43 open positions

About this company (remote-wise)

Headquarters:: Distributed / remote-first
Team style:: Async-ish, remote-first

View company profile →

About the job

Posted onApr 10, 2025

LocationRemote

Skills

PCI DSSISO 27001SOC 2CCPAGDPRIdentity ManagementCloud InfrastructureOn-premise InfrastructureData Privacy RegulationsSecurity Frameworks

Share this job

💌 Get remote jobs in your inbox

Subscribe to get the latest curated remote jobs every week.