About the role

As our Head of Information Security, you’ll be responsible for leading and evolving our information security strategy, policies, and operations. You’ll work cross-functionally to ensure we meet customer expectations, regulatory requirements, and internal standards. You’ll be the primary point of contact for all things security, including audits, security questionnaires, incident response, and internal policy enforcement.

You will be working with customer IT and information security teams to ensure that our platform meets and exceeds the security requirements of their organizations.

As part of this role you will:

• Develop, maintain, and enforce the company’s information security policies, standards, and procedures.
• Lead internal security programs, including risk assessments, security training, external penetration tests, and incident response planning.
• Own and drive security and compliance initiatives (e.g., SOC 2, ISO 27001).
• Serve as the primary contact for customers and partners on security-related inquiries, including due diligence and audits.
• Manage vendor security assessments and third-party risk management.
• Collaborate with engineering and DevOps to ensure secure systems design, infrastructure hardening, and secure SDLC practices.
• Monitor and assess the threat landscape; proactively recommend improvements to our security posture.
• Report regularly on the status of the security program to the executive team.
• Champion a security-first culture across the company.
• Embrace a ‘roll-up-your-sleeves’ approach to any challenge that is presented, whether directly related to information security or not.

About the candidate

• 5+ years of experience in information security, with at least 2 years in a senior or leadership capacity.
• Proven experience implementing or managing security compliance frameworks (e.g., SOC 2, ISO 27001, NIST).
• Deep understanding of security operations, application and cloud security, and risk management.
• Comfortable interfacing with customers, auditors, and non-technical stakeholders.
• Comfortable joining customer meetings during US business hours.
• Ability to operate independently in a fast-paced, startup environment.