Director of Security, Compliance and IT

Information Technology
Why Bonfire?

At Bonfire, we bring Buyers and Vendors together to make decisions with certainty. We’re a leader in strategic sourcing and procurement technology and enable organizations to make the right purchasing decisions. We’ve powered over $20-billion dollars-worth of decision making across 250+ customers who have a 99% adoption rate and have ranked us with a 71 NPS score (that’s Netflix and Apple territory!).

First we graduated as a Y-combinator success, then became a VC-backed startup, and now through the 2019 acquisition, we’re excited to be a part of the largest government technology company in the industry, GTY Technology Holdings. Bonfire is an opportunity for you to build something amazing while accelerating your career.

We’re looking for team members who will:

-Make an impact
-Drive results
-Remain humble - no job is too small

Follow us on Instagram @go.bonfire to see more of #LifeatBonfire.

The Role

As our first Director of Security, Compliance, and IT, you will be responsible for building out and supporting the security, compliance and IT programs at Bonfire. Reporting to Alex Millar, CTO and working with Rukia Al-Amiri, IT & Security Technician, you will ensure the security of our systems and data through best practices, monitoring, and security audits. You will also be responsible for the configuration and maintenance of equipment according to business needs. You will be leading and implementing the programs and policies in conjunction with Rukia, while also defining our roadmap and vision as we move into 2020 and beyond. Don’t worry, you're not alone, you will have access to peers across our sibling companies in the GTY portfolio to learn best practices and leverage lessons learned when deploying solutions here at Bonfire. This isn’t just a strategic role, we’re looking for someone that can roll up their sleeves and follow through on projects.

What You'll Do

    • Budgeting: Maintain budgets for the department, as well as budgets for company-wide software and hardware.
    • Certifications an attestations: Achieving and maintaining compliance certifications, SOC 2 leveraging automation using Vanta.
    • Internal & External Policies: Maintain and improve our policy documents 
    • Supplier Risk Management: Due diligence reviews for ongoing material service providers. Ensuring all new software and services are assessed prior to the acquisition.
    • Client Security Questions: Complete Client Security Questionnaires and aid in RFP responses leveraging automation using Loopio to with the Sales team.
    • Education & Awareness: Develop and present content for new hire training and ongoing eLearning modules that improve our security culture of healthy skepticism.
    • Assets and Inventory: Maintain an inventory of equipment to ensure rapid re-deployment on machine failure and for new hires.
    • Mobile Device Management: Deploy and manage a mobile device management application to ensure all user devices are centrally managed by IT with company policies and applications installed.
    • Internal IT Service Desk: Maintain the internal JIRA Service Desk, fulfilling day-to-day requests to support the company.
    • Access Control: Build and maintain systems using Better Cloud for granting and revoking employee access across each department's SaaS toolchain.
    • Systems Integration: Work with departments across the organization to automate and improve technology experience.

Who You Are

    • This isn’t your first rodeo. You have proven experience in Security, Compliance, and IT at the Manager/Director level role.
    • No job is too big or too small, you have a "happy to help" and easy-going attitude towards supporting both technical and non-technical employees with regard to Security, Compliance, and IT.
    • You have a reputation for being meticulously organized and you couldn’t imagine it any other way.
    • You always follow through. If there is an issue that needs solving you always see it to completion. 
    • You have experience creating policies and procedures relating to IT governance and are comfortable educating IT colleagues on segregation of duties, documentation standards required, audit logs and audit trails.
    • You have experience overseeing/developing IT security architecture and security/privacy improvement roadmaps.
    • You have worked with a variety of modern best practices and tools for network and physical security.
    • You have experience in managing external and internal audit requests on a timely basis and coordination of remediation efforts.
    • You have had exposure to various security tools and methodologies, including vulnerability management, vulnerability & penetration assessments, anti-malware, and endpoint security management.
Recruiters: Sorry, we only deal with applicants directly!

Bonfire Interactive Ltd. strives to create an accessible and inclusive work environment where everyone is treated with respect and dignity.  Bonfire Interactive Ltd. aims to create a selection process that’s inclusive and accessible. If you need accommodation during any stage of the process, please contact and we’ll provide reasonable accommodation confidentially. Bonfire Interactive Ltd. is an equal opportunity employer and encourages applications from all qualified individuals. We thank all applicants for showing an interest; however, only candidates selected for an interview will be contacted.