We seek a highly skilled Security and Compliance Lead to drive the company's security and compliance initiatives across our multi-cloud environments and services. This is a technical, hands-on role responsible for securing applications, IT infrastructure, customer data, and employee endpoints, while ensuring compliance with industry standards. The role also includes leading audits (ISO 27001, SOC 2 Type 2), managing penetration tests, supporting customer security inquiries, and assisting the field departments (sales, marketing) with security-related needs.
Responsibilities:
Security Leadership:
Manage security across multi-cloud environments (GCP, AWS, Azure) covering applications, IT systems, and endpoints.
Continuously assess vulnerabilities and develop mitigation strategies.
Develop, implement, and monitor security policies, standards, tools and procedures.
Lead incident response efforts, including root cause analysis and the implementation of remediation plans.
Cloud Security:
Oversee the security posture in multi-cloud environments (AWS, GCP, Azure) and services (such as Snowflake, MongoDB, Auth0 and others).
Familiarity with SIEM, CSPM and DSPM systems.
Collaborate with DevOps and SRE teams to secure CI/CD pipelines and infrastructure.
Implement and manage security controls for workloads, applications, and sensitive data.
Vendor and Corporate Security Assessment:
Lead security assessments of third-party vendors and partners to ensure compliance with corporate security standards.
Conduct regular security evaluations of corporate systems, services, and tools to assess vulnerabilities.
Implement vendor management processes to maintain security controls and compliance across all third-party relationships.
Customer Security Support:
Answer customer security-related questions and assist in responding to RFPs and security questionnaires.
Support field departments (sales, marketing, etc.) by addressing security concerns, creating customer-facing security documentation, and maintaining a knowledge base with answers to common security inquiries.
Data Security and Privacy:
Protect customer data, including PII, using encryption, DLP strategies, and access controls.
Oversee endpoint security and data privacy policies, ensuring compliance with relevant regulations (e.g., GDPR, HIPAA).
Manage and enhance email security controls such as DMARC, DKIM, and SPF to protect against phishing and email fraud.
Compliance and Auditing:
Lead security audits such as ISO 27001, SOC 2, and ensure compliance with global regulations (GDPR, HIPAA, etc.).
Organize and manage penetration tests and vulnerability assessments, implementing remediation strategies based on findings.
Maintain comprehensive documentation and reporting for audits, senior management, and regulatory bodies.
Collaboration and Training:
Work with cross-functional teams (Legal, IT, Engineering) to embed security best practices across the organization.
Lead security awareness programs and training for employees.
Build and maintain a knowledge base of security policies, procedures, and common security questions for internal and external stakeholders.
Requirements:
Experience:
5+ years in security roles, with at least 3 years in cloud security and compliance.
Expertise in SIEM, CSPM, DSPM tools.
Expertise in cloud-based SaaS platforms.
Proven experience managing security audits (ISO 27001, SOC 2) and overseeing penetration tests.
Experience responding to customer security inquiries and supporting sales and marketing teams.
Hands-on experience with security tools, including firewalls, DLP, SIEM, encryption, and endpoint protection.
Technical Skills:
Proficient in cloud security practices across AWS, GCP, and/or Azure.
Strong knowledge of email security controls such as DMARC, DKIM, and SPF.
This position is open to all candidates.