Information Security Specialist

Customer.io
Remote

About The Position

Hi, I'm Bill, VP of Operations at Customer.io. I'm looking for an Information Security Specialist to join our team. As our first dedicated InfoSec hire, you'll be the go-to person for securing our organizational systems, data, and operations across a globally distributed, remote-first company. Reporting to the VP of Operations, you'll work closely with IT, Compliance, and Platform Security to protect customer data, maintain our compliance posture, and help the company adopt AI tools thoughtfully and securely. This is an experienced individual contributor role — you'll be hands-on with tooling and policy, not managing a team.

We're a company that embraces AI — we use it in our product and want our team to use it to do their best work. We need someone who sees AI as an opportunity to enable, not just a risk to lock down. You'll help us build practical guardrails that let people move fast with AI while protecting customer data and staying compliant. If your instinct is to ban first and ask questions later, this isn't the right fit. If you get excited about figuring out how to say "yes, and here's how we do it safely" — keep reading.

Requirements

  • 4+ years of experience in information security, cybersecurity, or a related technical discipline.
  • A pragmatic, enabling mindset toward AI — you understand the risks but you're not reflexively restrictive. You've thought critically about how organizations can use AI tools like LLMs, coding assistants, and automation responsibly.
  • Hands-on experience with compliance frameworks (SOC 2, ISO 27001) — you've been through audits and know how to keep controls healthy.
  • Strong knowledge of cloud security fundamentals (AWS, GCP, or similar), endpoint protection, and identity/access management.
  • Experience with security tooling — EDR, SIEM, vulnerability scanners, DLP, and email security platforms.
  • Solid understanding of incident response processes and the ability to stay calm under pressure.
  • Familiarity with SaaS environments, remote-first operations, and the security challenges that come with them.
  • Strong written communication skills — you can write a clear policy, a concise incident report, and a Slack message that people actually read.
  • Self-starter mentality — you're comfortable working autonomously and prioritizing across competing demands.

Nice To Haves

  • Experience evaluating AI/ML tools for data privacy and security risks is a strong plus.
  • Experience in vendor risk assessment and third-party security reviews.
  • Security certifications (CISSP, CISM, CompTIA Security+, or similar) are a plus but not required.

Responsibilities

  • AI Governance & Enablement — Develop and maintain a practical framework for evaluating, approving, and securely deploying AI tools across the organization. Assess data exposure risks, establish acceptable use guidelines, and help teams adopt AI confidently — not fearfully.
  • Vulnerability Management — Own our vulnerability management program — scanning, triaging, coordinating remediation, and tracking resolution across infrastructure, applications, and endpoints.
  • Compliance — Support and improve our compliance posture (SOC 2, ISO 27001), including evidence collection, control monitoring, and audit support. Ensure AI usage aligns with our regulatory and contractual obligations.
  • Incident Response — Lead security incident response — investigate alerts, coordinate containment, document root causes, and drive improvements.
  • Security Tooling — Manage and tune security tooling (EDR, SIEM/logging, DLP, email security, identity and access management controls).
  • Vendor & Third-Party Risk — Conduct security reviews of third-party vendors, SaaS integrations, and AI services — evaluating data handling, model training policies, and privacy commitments.
  • Policy & Standards — Develop and maintain security policies, standards, and runbooks that are practical and right-sized for our environment — including clear, usable AI usage policies that people actually follow.
  • Application Security Partnership — Partner with Platform Security and Engineering on application security topics — advising on secure architecture, reviewing configurations, and supporting penetration testing efforts.
  • Security Awareness — Drive security awareness initiatives — phishing simulations, training programs, AI literacy education, and ongoing guidance for the team.
  • Threat Intelligence — Monitor and assess emerging threats (including AI-driven attack vectors), and translate them into actionable recommendations for leadership.

Benefits

  • Our inclusive benefits package supports your well-being and growth, including 100% coverage of medical, dental, vision, mental health, and supplemental insurance premiums for you and your family.
  • We also offer 16 weeks paid parental leave, unlimited PTO, stipends for remote work and wellness, a professional development budget, and more.