Who We Are
ButcherBox is a fast-paced, rapidly-growing company headquartered in Brighton, MA. At ButcherBox, we believe in better. That’s why we deliver 100% grass-fed, grass-finished beef, free-range organic chicken, heritage-breed pork, and wild-caught seafood directly to our members’ doors. All of our products are humanely raised or wild-caught and never given antibiotics or added hormones ever.
We’re working to build a world that’s better for all, and we’re inviting everyone to come along. For us, better means treating our planet with respect. It means improving the lives of animals and the livelihoods of farmers. It means never cutting corners when it comes to doing business. Ultimately, it means better meals, enjoyed together. Our team is made up of people who collaborate and support one another. We’re always looking for outstanding people to join our mission!
About the Role
ButcherBox is looking for experienced and skilled IT Compliance & Privacy Manager to join us in our newly established Cybersecurity, Data Privacy and Risk and Compliance Team.
The role will report to the Sr. Director and assist in promoting organizational security awareness while supporting the delivery of the Data Governance & Privacy and security arrangements through facilitating cross-functional collaboration, promoting data privacy & security as a valuable asset, and monitoring accountability in the business and transparency of required Data Governance/ Privacy & Security policies, processes, and procedure. In this role, the manager will also ensure the organization adheres to statutory and regulatory requirements and standards regarding information storage, access, security and privacy.
Our ideal candidate will have a track record of success in the information security and privacy field and possess a solid understanding of information security methodologies.
- Drive the identification, implementation, and improvement of the organizational privacy strategy, framework, and standards
- Assist in managing the planning, designing, writing, and finalization of policies, control framework and procedures in line with NIST guidelines
- Watch for new regulations and jurisprudence and periodically brief management on the state of our privacy & compliance posture
- Develop and implement processes to identify and address evolving privacy & security risks inherent in our operations
- Provide “privacy by design” counseling to cross-functional teams for new products and initiatives
- Establish and administer a process for receiving, documenting, tracking, investigating, and acting on all DSAR request and complaints concerning our privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel
- Develop and maintain scorecards and dashboards to objectively demonstrate progress and business benefits of Data Governance, Security & Privacy compliance initiatives.
- Collaborate with Product, Data, Engineering, and IT Ops on security & privacy impact analyses and definition of security, privacy and compliance requirements relating to our products and services
- Maintain and report on security controls required by NIST, PCI, SSAE-18, SOX and other regulatory requirements and security & privacy compliance frameworks
- Execute risk assessment and continuous compliance monitoring (auditing) of IT controls
- Perform assessments of Third-Party services providers, including cloud services, for adherence to best practices or known frameworks like NIST, etc.
- 3-7 years experience in privacy regulations with proven experience in the interpretation of and compliance with such regulations in a complex business environment
- 3-7 years’ experience managing IT Compliance programs and monitoring, with specific emphasis on NIST/ ISO/PCI/ SSAE-18 related requirements
- Expertise in security and compliance lifecycles and industry frameworks, standards, and guidelines (NIST, FISMA, ISO, COBIT, ITIL)
- Deep understanding of Cloud service models such as Platform as a service (PaaS), Infrastructure as a service (IaaS), and Software as a service (SaaS) as well as Cloud deployment models including public, private, environments.
- Relevant security certifications such CISM, CISA, CGEIT, CRISC certifications, Project Management Professional (PMP) or other related certifications
- Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or related field or equivalent experience
- Familiarity with industry best practice for Cloud security (e.g. CSA Security Trust Assurance and Risk, CIS Benchmarks, NIST Framework
What We Offer
ButcherBox strives to maintain a supportive and encouraging environment. All of our thoughts and actions revolve around the lenses of our core values, which are accountable, authentic, humble, relentless improvement, and member-obsessed. We also value autonomy and transparency, and allow our employees access to all levels of the organization. We're an equal opportunity employer, and we're proud of the steps we've taken and continue to take to promote diversity and inclusion in our workplace. We're open to remote work, and even encourage our in-office employees to work from home a couple days a week.
*Due to current circumstances regarding COVID-19, all of our employees are working 100% remotely for the foreseeable future
- Health: medical, dental, vision, and life insurance, an employer-funded HSA, and short & long-term disability benefits
- Financial: 401(k) with generous employer match, employee stock options, and an annual discretionary performance bonus
- Time off: unlimited paid time off policy, an executive team that encourages a good work/life balance
- Personal growth: professional development opportunities, including free access to online learning programs
- Food: a free Custom Classic ButcherBox each month and weekly lunch reimbursement
- Others: subsidized commuter benefits and reimbursement for gym membership
We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, veteran status, or disability status. We will ensure all individuals are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.