Head of Security

Avantos
2d · Remote

About The Position

We’re seeking a Head of Security to own and evolve Avantos’s security and compliance posture as we scale with enterprise financial services customers. This is a director-level, hands-on leadership role — ideal for someone who has built pragmatic security programs in modern cloud-native startups and knows how to balance rigor with execution speed. You will be responsible for ensuring our platform, infrastructure, and internal processes meet the expectations of regulated enterprise customers today (SOC 2) while laying the groundwork for future expansion into additional regulatory environments, including the EU.

Requirements

  • 6–10+ years of experience in security, with leadership responsibility in a startup or high-growth SaaS environment
  • Direct ownership of SOC 2 compliance in a cloud-native company
  • Strong understanding of AWS security, IAM, networking, logging, and monitoring
  • Experience securing containerized workloads (ECS, Kubernetes, or similar) and modern SaaS architectures
  • Familiarity with secure software development practices and application security concepts
  • Ability to translate regulatory and customer requirements into practical, implementable controls
  • Strong communication skills — comfortable working with engineers, executives, auditors, and customers
  • Pragmatic, business-aligned mindset focused on real risk reduction rather than checkbox compliance
  • Relevant certifications (CISSP, CISM, CCSP)
  • Experience in financial services or other highly regulated industries (working directly with enterprise security teams as a service provider)

Nice To Haves

  • Exposure to GDPR, ISO 27001, or international regulatory frameworks
  • Experience supporting enterprise security reviews and customer-driven compliance requirements
  • Familiarity with vulnerability management tooling, security monitoring, and cloud security posture management
  • Familiarity with modern SaaS stacks and AI-enabled platforms

Responsibilities

  • Own and maintain our SOC 2 compliance program, including audits, evidence collection, control design, and continuous improvement
  • Define a forward-looking security and compliance roadmap (e.g., GDPR, ISO 27001) aligned with company growth and customer needs
  • Serve as the primary security leader and point of contact for executives, auditors, partners, and enterprise customers
  • Design and enforce security best practices across our AWS-based, containerized (ECS) infrastructure, including strong isolation for our single-tenant-per-customer architecture
  • Partner closely with engineering to embed security into system design, SDLC, and operational workflows
  • Own incident response planning, tabletop exercises, and real-world response coordination
  • Lead risk assessments, vendor security reviews, and customer security questionnaires
  • Develop and maintain security policies, standards, and internal documentation appropriate for a regulated environment
  • Promote a strong security culture through training, awareness, and cross-functional collaboration
  • Act as a trusted advisor to the leadership team on security tradeoffs, risk, and investment priorities
  • Over time, help scale security processes, tooling, and potentially team members as the company grows

Benefits

  • Competitive compensation + meaningful equity
  • Opportunity to define and scale the security foundation of a rapidly growing AI platform in financial services
  • Direct impact and visibility at the executive level
  • A culture optimized for ownership, focus, and high-quality execution
  • Remote work flexibility with a preference for NYC-based collaboration