Head of Security & IT

About The Position

Requirements

• Have 5+ years hands‑on security engineering in cloud‑native (AWS/GCP/Azure) product environments.
• Can demonstrate end‑to‑end ownership of at least one compliance framework (SOC 2, ISO 27001, HIPAA, PCI DSS, etc.).
• Are fluent in modern DevSecOps tooling (Terraform, Kubernetes, GitHub Actions, OIDC/OAuth).
• Write code well enough to build internal tooling or fix a critical bug (we use Elixir & Terraform).
• Communicate complex risks in plain language to engineers, execs, and customers.
• Are comfortable being a “team of one” at first and progressively hiring/mentoring teammates.

Nice To Haves

• experience with multi‑tenant data isolation, SAML/SCIM integrations, or selling to regulated industries (FinTech, HealthTech, GovTech).

Responsibilities

• Manage a team of security engineers (ranging in skill from IT, GRC, CloudSec & AppSec)
• Provide guidance, training, and tools to developers on secure coding principles, common vulnerabilities, and secure design patterns.
• Analyze, fix, and test vulnerabilities.
• Do code reviews, audit and analyze source code for vulnerabilities.
• Monitor the security industry for new developments.
• Evaluate, recommend, and implement security tools and technologies to improve our application security posture.
• Conduct threat modeling exercises for new and existing applications and systems.
• Ensure systems and processes adhere to relevant security standards, regulations (e.g., ISO 27001, SOC 2, GDPR, HIPAA), and internal policies.
• Implement and manage security controls for cloud environments (e.g., AWS, GCP), including identity and access management (IAM), network security, and data protection.
• Maintain comprehensive documentation for security processes, tools, and configurations.

Benefits

• Health/dental/vision
• 401k (no match yet)
• Flexible PTO with manager approval
• Top‑spec laptop, stipend for home office/security hardware
• $2,000 annual training/certifications budget