IT & Information Security Officer Specialist

About The Position

Requirements

• Education & Skills: Bachelor’s degree in Computer Science, Information Security, or related field. Strong communication skills with the ability to translate technical concepts into business language.
• Security & Compliance Expertise: Proven experience managing or supporting frameworks such as SOC 2 Type II, ISO 27001, and data privacy regulations like GDPR.
• Risk & Security Knowledge: Strong understanding of risk management, cloud security, and application security principles.
• Execution Mindset: Hands-on, proactive, and comfortable building processes from scratch in fast-paced environments.
• Client-Facing Experience: Experience interacting with clients or supporting commercial teams in security-related discussions is highly valued.
• Entrepreneurial Mindset: Self-starter with strong ownership, adaptability, and ability to thrive in high-growth environments.
• Technical Fluency: Comfortable working closely with engineering teams and understanding technical architectures.
• AI Fluency & Continuous Learning: Demonstrated curiosity and ability to quickly learn and adopt new tools, including AI-driven solutions. Comfortable leveraging emerging technologies to improve security processes, automate workflows, and increase efficiency.
• Able to work onsite in our Boston (MA), Menlo Park (CA) or Santiago (CL) office 4 days a week.

Responsibilities

• Security & Compliance Ownership: Own and evolve Topsort’s information security program, ensuring alignment with frameworks such as SOC 2 Type II, ISO 27001, and GDPR. Define, implement, and maintain policies, controls, and procedures.
• Client-Facing Security: Act as the primary point of contact for clients and prospects on security and compliance topics. Support RFPs, security questionnaires, and trust discussions to enable commercial success.
• Risk Management: Design and implement risk management frameworks. Identify, assess, and mitigate security risks across systems, processes, and third-party vendors.
• Data Privacy: Ensure compliance with global data privacy regulations. Partner with Product and Engineering to embed privacy-by-design principles across all solutions.
• Audit & Certification Management: Lead and coordinate internal and external audits, ensuring readiness and successful certification processes.
• Incident & Security Operations: Support incident response processes, monitor security posture, and continuously improve detection and prevention capabilities.
• Cross-Functional Collaboration: Work closely with Engineering, Product, and Sales teams to ensure security is embedded into product development and client interactions.