Information Security Engineer

Palo Alto, CA
Globality was founded with a simple but ambitious goal: to use AI to transform enterprise spending into a smarter, fairer process—creating more efficient, inclusive markets worldwide. Today, our AI-driven solution is reshaping how enterprises spend, turning procurement into a guided, insight-led process that’s easier for everyone, open to anyone, and better for business.
 
At the forefront of enterprise AI, Globality optimizes spending, drives efficiency, and guarantees bottom-line impact. Our culture is built on Trust, Collaboration, and Innovation, fostering an environment where every individual feels valued and included. Bring your expertise, passion, and perspective—together, we’re shaping the future of enterprise spending.

Role Summary:

As an Information Security Engineer, you will leverage your strategic and operational security expertise to assess risks, enforce governance, and ensure compliance across the organization. Your role will focus on risk identification and mitigation, emphasizing collaboration and cross-functional trust.

What you will be doing:

  • Ensure compliance with security and privacy regulations, including ISO 27001 and SOC 2 Type 2
  • Refresh policies, manage exceptions, and maintain documentation
  • Host ISSC, MRM, and AI governance meetings
  • Develop and manage security risk programs, assessments, and metrics
  • Oversee network security, threat intelligence, phishing reports, and external security tests
  • Perform DPO activities (DSARs, GSARs) and conduct DPIAs
  • Lead internal audits, track findings, and manage remediation
  • Prepare risk reports and dashboards
  • Implement business continuity, IT, and enterprise risk management programs
  • Oversee web security, malware protection, SAST, DLP, and code dependency analysis
  • Improve ISQ processes, conduct classifications, and refresh DD/RAs
  • Approve applications, review DPAs, and track remediation
  • Manage incident triage and remediation
  • Drive and maintain all information security-related certifications, ensuring they are up to date

What we are looking for:

  • 3+ years of experience in security governance, risk, and compliance
  • Proven experience performing security audits, particularly ISO 27001 and SOC 2
  • Proficiency with eGRC systems and enterprise risk assessments
  • Familiarity with security frameworks such as ISO 27001, SOC 2 Type 2, and CSA STAR
  • Strong program management skills, including process development and implementation
  • Experience coordinating with internal and external auditors to drive security compliance
  • Ability to thrive in a fast-paced environment and manage multiple security tasks simultaneously
  • Adaptability to shifting priorities and timelines
  • Excellent written, verbal, and technical program management skills
  • Openness to new ideas and a willingness to innovate

The anticipated annual pay scale for this position is $115,000 - $185,000. Actual salaries will vary depending on factors including but not limited to location, experience, and performance. The range listed is just one component of Globality's total compensation package for employees. This information is provided per the California Equal Pay Act. We are an equal opportunity employer and a participant in the E-Verify program. We believe diversity makes teams better and that discrimination based on race, gender, or anything else is self-defeating.

California Consumer Privacy Act (CCPA)

California Privacy Right Notice for Job Applicants 

The purpose of this notice is to provide you with information on the categories of personal information that are collected by Globality, Inc. (“Company”) about employees and applicants and the purposes for which this personal information is used. 

Definition 

Personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular employee or applicant.  Personal information does not include publicly available information. 

Categories of Personal Information

Company collects and stores different types of personal information about employees and applicants such as:

  • Pre-recruitment data, e.g. personal data contained in a job application form, resume, education, references, interview notes, etc.
  • Where permitted by law and applicable, we may collect the results of credit and criminal background checks, the results of drug and alcohol testing, screening
  • Name, gender, home address and telephone number, date of birth, marital status, employee identification number and emergency contacts
  • Residency and work permit status, nationality and passport information
  • Information related to gender, race, or ethnic origin for purposes of complying with anti-discrimination laws
  • Social security or other taxpayer/government identification number
  • Payroll data, e.g. tax forms, bank account information, etc.
  • Information related to benefit entitlements and plans, e.g. details of participation, contributions made, beneficiary information, etc.
  • Employee stock information
  • Employment details such as job title/position, office location, hire/transfer/promotion dates, offer letters/employment agreements, compensation data, performance data, disciplinary and complaint/grievance documentation, training records, travel and expense records
  • Medical and other relevant information/documentation for purposes of disability accommodation, leaves of absence, verification of need for time off, etc.
  • Time and attendance records
  • Clothing sizes, photograph, videos, physical limitations and special needs
  • Date of resignation or termination, reason for resignation or termination, information relating to administering termination of employment
  • Data collected through monitoring processes (e.g. building access control records collected via wall terminals, records of automatic monitoring operations of Company IT and Communications equipment, as carried out by software operating automatically)
  • Images captured/recorded by Company’s CCTV system
  • Voicemails, e-mails, correspondence, documents, and other work product and communications created, stored or transmitted using our networks, applications, devices, computers or communications equipment
  • Data relating to accidents or dangerous occurrences in the workplace
  • Information required for Company to comply with laws, the requests and directions of law enforcement authorities or court orders (e.g., child support and debt payment information)
  • Acknowledgements regarding our policies, including employee handbooks, ethics and/or conflicts of interest policies and computer and other corporate resource usage policies
  • Any other information that you provide directly to us

Purposes For Which The Categories Of Personal Information Will Be Used

Company may use your personal information for the following purposes:

  • Managing all aspects of an employee’s employment relationship, including, but not limited to: determining eligibility for initial employment, including the verification of references and qualifications; pay and benefit administration; the issuance and management of stock options and restricted stock units; corporate travel and other reimbursable expenses; development and training; absence monitoring; project management; auditing, compliance, and risk management activities; conflict of interest reporting; employee communications; performance evaluation; disciplinary actions; internal investigation activities; career management, including the assessment of qualifications for a particular job or task; processing employee work-related claims (e.g., worker compensation, insurance claims); succession planning; relocation assistance; obtaining and maintaining insurance; the provision of employee related services; and other general operations, administrative, financial, and human resources related purposes.
  • Assisting you with obtaining an immigration visa or work permit where required
  • Video conferencing
  • Maintaining directories of employees
  • Employee engagement programs, including surveys
  • Administering our occupational safety and health programs
  • Protecting the safety and security of our workforce, guests, property and assets (including controlling and facilitating access to and monitoring activity on and in our premises and activity using our computers, devices, networks, communications and other assets and resources)
  • Investigating and responding to claims against Company
  • Maintaining emergency contact and beneficiary details
  • Complying with applicable laws (e.g. health and safety, employment laws, office of foreign asset controls regulations, tax laws), including judicial or administrative orders regarding individual employees (e.g., garnishments, child support payments)
  • Carrying out any additional purposes that we advise you of (if applicable law requires your express consent for such additional use or disclosure we will obtain it from you)
  • Carrying out other purposes as part of our business activities when reasonably required by us

Questions? 

Any questions or concerns about this notice should be referred by email directly to HR@globality.com or Recruiting@globality.com.