Information Security Lead

European Union - Remote Work · United States - Remote Work

Do you want to work for a mission-driven non-profit, managing the cybersecurity of systems that will contribute to helping the livelihoods of millions of coffee farmers around the world? Enveritas is a 501(c)3 non-profit and Y Combinator-backed startup looking to hire an information security lead for our Engineering & Data Group. You can learn more about this job at https://www.enveritas.org/jobs/infosec/

We are looking for an experienced information security lead based out of the EU or United States with a focus on security policy and risk management to join us on a remote work, full-time basis. In this role, you will work as part of the Engineering and Data Group — a quirky, talented, and humble group of about twenty with diverse backgrounds ranging from journalism to academia to international industry.

About Our Engineering & Data Group

The Engineering & Data Group builds software to collect, analyze, and report data about coffee farmers’ conditions and practices. This large-scale data-collection effort requires many moving parts to work together, and we use technology to support that effort at every step of the process — from identifying coffee farms in satellite imagery, to coordinating survey edits across country teams, to detecting data anomalies in real-time that can be investigated while teams are still in the field. A core part of our work is in data aggregation and report generation, with insights ultimately being shared with roasters and other stakeholders on how to assist in improving the social, economic, and environmental conditions of smallholder farmers. 

While our tooling varies across products, our organization primarily uses Google Workspace for collaborating, and our Engineering & Data Group uses AWS and Google Cloud for running the platforms that power our Impact, Ops, and Partnerships groups. We also use a standard assortment of SaaS platforms.

What You’ll Be Doing

You will be responsible for cybersecurity policies and practices, ensuring compliance with cybersecurity frameworks and working across teams to implement security best practices. As a dedicated security specialist, you will work closely with our IT, legal, and engineering teams to assess risks, define policies, and enhance security across the organization.

Your work will include:

  • Assess and improve security policies and risk posture by reviewing audits, prioritizing key improvements, and ensuring compliance with best practices.
  • Manage security configurations and access controls across Google Workspace, AWS/GCP, and SaaS vendors.
  • Lead security operations and incident response, including monitoring alerts, running tabletop exercises, and implementing MDM, patch management, and Zero Trust initiatives.
  • Drive security awareness and training, working with internal teams to enhance security practices, refine IAM roles, and strengthen data protection.
  • Support IT operations and system security – act as a backup for our Head of IT, assisting with access management, IT troubleshooting, and ensuring secure day-to-day operations.

Qualifications

Read this first: research shows that people of different backgrounds read job postings differently. If you don’t think you meet all of the qualifications but do think you’d be a great match for us, please consider applying and sharing more in your application. We’d love to talk with you to see what skills you can bring to our team. This said, we are most likely to be interested in your candidacy if you can demonstrate the majority of the qualifications listed below:

  • 5+ years of experience in cybersecurity, IT security, or a related field, with a focus on policy development, risk management, and incident response.
  • Strong understanding of identity and access management (IAM), data protection, compliance frameworks (e.g., GDPR, SOC 2, ISO 27001), and security operations.
  • Hands-on experience managing security configurations in Google Workspace, AWS/GCP, and SaaS applications.
  • Experience developing and implementing security policies, including asset management, risk governance, and third-party risk management.
  • Strong communication skills and experience collaborating across IT, legal, and engineering teams.

Who You Are

Our team is fully distributed, so you should be comfortable with remote work. This role is a full-time individual contributor role. While you can be located anywhere in the United States or European Union regions that our EOR (Deel) supports, note that the core hours for this role are 9 am to 2 pm Eastern Time, Monday through Friday, with flexibility to start earlier or finish later based on your schedule.

You should be inspired by our mission to improve the lives of smallholder coffee farmers, and have an interest in sustainability. You should have a deep empathy for users of our tools and understand the importance of supporting the work of other teams. Because operational and business needs can be ambiguous and change on a short time-scale, you should have a love for environments with uncertainty, and enjoy not only solving problems, but discovering and demystifying them.

We are a small team! You should be comfortable working both independently and as a thoughtful collaborator, and have experience working in smaller organizations where flexibility and adaptability are keys to success.

About Working With Us & Compensation

Enveritas has teams around the world: we are about 100 people spread over almost two dozen countries, and of all backgrounds, faiths, and identities. To learn more about working at Enveritas, see https://www.enveritas.org/jobs/

For a US-based hire, base salary for this position will be between $110,000 and $135,000 annually (paid semi-monthly). This is a full-time exempt position. Full benefits include 401k with matching contributions, Medical/Dental/Vision, and Flexible Spending Account (FSA), 4 weeks vacation in addition to 13 standard holidays, and personal/sick time.

For a hire outside the US, our offer will be competitive; the specific benefits and compensation details will vary as required to account for your region’s laws and requirements. Salary for this position will be paid in relevant local currency.

For all staff, we are able to offer:

  • Annual education budget for conferences, books, and other professional development opportunities.
  • Annual all-company retreat and annual Engineering & Data meetup.
  • Field visits to our Country Ops teams in coffee-growing countries such as Colombia, Costa Rica, Ethiopia, and Indonesia.

Interview Process

We are committed to fair and equitable hiring. To honor this commitment, we are being transparent about our interview process. We are interested in learning what working with you would be like and believe the below is the fairest method for us to see you at your best — and for you to learn about us! If you feel that a different method would be better for us to learn what working together would be like, please tell us in your application. 

After your introductory interview, the process typically takes four to six weeks (but will depend on scheduling), and consists of four conversations that total about five hours of time. You should plan to also spend about four hours in total preparing for interviews. See the hiring page at https://www.enveritas.org/jobs/infosec/ for details about each of these interviews.

  • Introductory Interview (30 minutes; Google Meet; audio-only)
  • First Technical Interview (60 minutes; Google Meet)
  • Second Technical Interview (60-90 minutes; Google Meet)
  • Manager Interview (45-60 minutes; Google Meet)

How to Apply

Please apply using our Greenhouse application form. Feel free to contact us at jobs@enveritas.org should you have any questions about the position or the interview process. Questions about this opportunity or process will not reflect negatively on your application.

We care deeply about diversity. Our work is complex and nuanced, so the more diversity we have in the voices working on our problems, the larger the impact our work can have for the world. Enveritas is an Equal Opportunity Employer encouraging an inclusive and diverse workforce. We embrace and celebrate the unique experiences, perspectives, and cultural backgrounds that each individual brings to the workplace. We are dedicated to hiring employees who reflect the communities we serve and strongly encourage qualified candidates from all backgrounds to apply.

A few notes about our communications: We are not able to reply to messages sent to staff outside of either our application process or our jobs email address, as this is unfair to other candidates. Also, Enveritas has been made aware of fake job postings by individuals pretending to hire persons seeking employment. These individuals are looking to collect personal information about you for fraudulent purposes. All legitimate Enveritas job openings are posted under https://enveritas.org/jobs/ and all recruiting emails from Enveritas team members will come from @enveritas.org.

Please include only positions where you were employed full time, excluding internships. Note: A minimum of five years is required for this position to ensure candidates meet the necessary experience level.

This is a full-time role, so you can either start your day earlier or finish your day later as suits your time zone.

We are currently only accepting applicants in the EU or US for this role.

For hires inside the United States, we are not able to sponsor visas. For hires outside of the United States, we use an employer-of-record to hire.
