Own and evolve the company’s security and privacy strategy.
Scale and mentor the Security team, developing great security team members as the company grows.
Build and mature the company’s security framework, balancing pragmatism and rigor across system security, application security, infrastructure security, and device security.
Lead security operations and incident response, ensuring the company can rapidly detect, respond to, and recover from threats.
Oversee compliance programs (e.g., SOC 2, GDPR, CPRA) and maintain a continuous improvement mindset beyond checkbox compliance.
Partner with Engineering and Product to embed security into the SDLC, CI/CD pipelines, and IoT device lifecycle.
Establish and maintain relationships with key stakeholders, such as executive leadership, providing actionable metrics and insights into security posture, risk trends, and emerging threats.
Oversee vendor risk management and ensure robust controls across third-party services and integrations.
Conduct regular security awareness training and education programs for employees.
Evaluate and select security technologies and tools to enhance the organization's security posture.
Build a strong security culture, from awareness and education to clear policies and positive engagement across all teams.
Optimize the security budget and make pragmatic tradeoffs that balance protection, velocity, and business impact.
Requirements
10+ years of progressive experience in information security, including 3+ in a leadership role at a SaaS or technology company.
Experience securing cloud-native systems (AWS/GCP) and managing organizational security at a remote-first company.
Deep understanding of security frameworks and standards (e.g., NIST CSF, CIS, ISO 27001, SOC 2, OWASP).
Strong background in incident response, threat modeling, and risk management.
Proven ability to partner with product and engineering teams to design secure, scalable architectures.
Experience building and mentoring high-performing security teams.
Excellent communication skills enabling you to distill complex security topics for executives, engineers, and customers alike.
A balanced, business-first mindset: you make practical, risk-informed decisions rather than striving for theoretical perfection.
Certifications such as CISSP, CISM, or CRISC (preferred but not required).
Tech Stack
AWS
Cloud
Google Cloud Platform
IoT
SDLC
Benefits
Comprehensive Medical, Dental and Vision plans (ButterflyMX covers 80% of the cost) starting day 1
Basic Life and Accidental Death and Dismemberment Insurance (ButterflyMX covers 100% of the cost)
Short and Long Term Disability (ButterflyMX covers 100% of the cost)
Paid Family Leave
Employee Assistance Program
Quarterly self-care stipends
Access to optional benefits including pre-tax flexible healthcare spending accounts (FSA and HSA), Dependent Care FSA, and Commuter Benefits, as well as optional Supplemental Life, AD&D, Hospital Indemnity, Legal, Accident, Critical Illness, Pet, and Personal Liability Insurance