Security and Privacy Lead

Braintrust, San Francisco, CA
45d

About The Position

We’re looking for a Security and Privacy Lead to own our security and compliance programs as we scale. This is a foundational role: you’ll be the company’s primary owner of security and privacy policies, certifications, and customer trust. You’ll partner closely with engineering, legal, and operations teams to ensure Braintrust meets the expectations of enterprise customers and regulators alike. You’ll manage our security compliance initiatives (including SOC 2), lead vendor and customer security reviews, monitor compliance tools like Vanta, and drive a culture of security and privacy-by-design across the company.

Requirements

  • 6+ years of experience in information security, privacy, or compliance roles at a fast-growing startup.
  • Experience with frameworks such as SOC 2, ISO 27001, and GDPR.
  • Familiarity with monitoring and compliance tools (e.g., Vanta, Drata, or similar).
  • Strong understanding of enterprise customer security expectations and documentation.
  • Excellent written and verbal communication skills; ability to simplify complex topics for diverse audiences.
  • A proactive, ownership-oriented mindset - you thrive in fast-paced environments, enjoy building processes from the ground up, and enjoy wearing multiple hats.

Responsibilities

  • Implement and maintain company-wide security and privacy policies.
  • Manage Braintrust’s compliance certifications (SOC 2 and others as needed).
  • Partner with legal and operations to ensure alignment with GDPR, CCPA, and global data protection standards.
  • Lead responses to customer security and privacy inquiries.
  • Oversee continuous security monitoring tools (e.g., Vanta) and coordinate remediation.
  • Conduct periodic risk assessments and support penetration testing and vendor audits.
  • Establish metrics, dashboards, and reporting to track security posture.
  • Own the incident response process and ensure clear communication across teams.
  • Advise on access management, encryption standards, and data retention practices.
  • Serve as the primary point of contact for internal and external data privacy and security matters.
  • Support teams during enterprise due diligence and procurement processes.

Benefits

  • Medical, dental, and vision insurance
  • 401k plan
  • Daily lunch, snacks, and beverages
  • Flexible time off
  • Competitive salary and equity
  • AI Stipend

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: No Education Listed
  • Number of Employees: 11-50 employees
