Head of Technical Security

$185k – $300k | New York, NY | Onsite

Summary

Leads technical security, compliance (SOC 2, GDPR, ISO 42001), vulnerability management, and infrastructure hardening for a fast-growing fintech. Requires 3-7 years in security engineering with hands-on AWS, vuln tooling, and audit experience.

About the role

What You'll Do

Technical Security

  • Detect, triage, and drive remediation of vulnerabilities across the stack — infrastructure, application, and network.
  • Manage third-party penetration tests and coordinate internal response to findings.
  • Integrate security into the development lifecycle: code review guardrails, SAST/DAST tooling, dependency scanning, and developer security guidance.
  • Own credential and secrets management, including rotation policies, vault configuration, and access controls.
  • Manage infrastructure patching and hardening, working with engineering to keep systems current without disrupting delivery.

Security Compliance & Frameworks

  • Own our SOC 2 compliance program end-to-end, including audit preparation, evidence collection, and remediation tracking.
  • Maintain and mature our GDPR compliance posture, partnering with legal and product to ensure data protection requirements are met.
  • Lead our ISO 42001 certification efforts, establishing and maintaining the required AI management system controls.
  • Research and implement additional compliance frameworks as we expand into new markets, acting as the internal authority on what's required and when.

Vendor & Customer Security Diligence

  • Manage inbound security diligence requests that arise during client sales processes — completing questionnaires, coordinating evidence, and joining calls as needed.
  • Build and maintain a vendor security review process for evaluating third-party tools and services before they're adopted.
  • Maintain a library of up-to-date security documentation (policies, SOC 2 reports, architecture diagrams) to accelerate deal cycles.

IT & Device Security

  • Manage endpoint security across the company — MDM, disk encryption, OS patching, and device compliance policies.
  • Maintain and enforce access control policies for corporate tools and systems (SSO, MFA, least-privilege access).

What We're Looking For

  • 3–7 years of experience in security engineering, application security, or infrastructure security roles.
  • Hands-on experience with SOC 2 audits and at least one other compliance framework (GDPR, ISO 27001, PCI-DSS, or similar).
  • Strong technical foundation — you're comfortable reading code, reviewing AWS infrastructure, and working in a CI/CD environment.
  • Experience with vulnerability management tooling (e.g., Snyk, Semgrep, Qualys, Burp Suite, or equivalents).
  • Familiarity with AWS Secrets Manager and IAM best practices.
  • Experience managing or coordinating third-party pentests.
  • Clear, low-ego communication style — you can explain a risk to an engineer and a compliance requirement to a salesperson with equal clarity.
  • Comfort with ambiguity and ownership. This is a build-it role, not a maintain-it role.

Nice to Have

  • Prior experience at a fintech or other regulated-industry startup.
  • Familiarity with ISO 42001 or AI governance frameworks.
  • Experience with MDM platforms.
  • Background supporting international expansion from a security/compliance perspective.

Benefits

  • Salary range: $185,000–$300,000 + meaningful equity
  • 401(k) with 5% company match
  • Medical, dental, and vision coverage
  • 15 days PTO + 11 company holidays + flexible sick time
  • 2 additional PTO days for each year of service (up to 10 additional days)
  • 10 remote days per year plus additional around the holidays
  • Bi-annual off-sites and team retreats

Skills

SOC 2, GDPR, AWS, IAM, Secrets Manager, Snyk, Semgrep, Qualys, Burp Suite, SAST, DAST, CI/CD, penetration testing, MDM, SSO