About this role
Role Overview
Own and maintain our SOC 2 compliance program, including audits, evidence collection, control design, and continuous improvement
Define a forward-looking security and compliance roadmap (e.g., GDPR, ISO 27001) aligned with company growth and customer needs
Serve as the primary security leader and point of contact for executives, auditors, partners, and enterprise customers
Design and enforce security best practices across our AWS-based, containerized (ECS) infrastructure, including strong isolation for our single-tenant-per-customer architecture
Partner closely with engineering to embed security into system design, SDLC, and operational workflows
Own incident response planning, tabletop exercises, and real-world response coordination
Lead risk assessments, vendor security reviews, and customer security questionnaires
Develop and maintain security policies, standards, and internal documentation appropriate for a regulated environment
Promote a strong security culture through training, awareness, and cross-functional collaboration
Act as a trusted advisor to the leadership team on security tradeoffs, risk, and investment priorities
Over time, help scale security processes, tooling, and potentially team members as the company grows
Requirements
6–10+ years of experience in security, with leadership responsibility in a startup or high-growth SaaS environment
Direct ownership of SOC 2 compliance in a cloud-native company
Strong understanding of AWS security, IAM, networking, logging, and monitoring
Experience securing containerized workloads (ECS, Kubernetes, or similar) and modern SaaS architectures
Familiarity with secure software development practices and application security concepts
Ability to translate regulatory and customer requirements into practical, implementable controls
Strong communication skills — comfortable working with engineers, executives, auditors, and customers
Pragmatic, business-aligned mindset focused on real risk reduction rather than checkbox compliance
Relevant certifications (CISSP, CISM, CCSP)
Experience in financial services or other highly regulated industries (working directly with enterprise security teams as a service provider)
Tech Stack
AWS
Cloud
Kubernetes
SDLC
Benefits
Competitive compensation + meaningful equity
Opportunity to define and scale the security foundation of a rapidly growing AI platform in financial services
Direct impact and visibility at the executive level
A culture optimized for ownership, focus, and high-quality execution
Remote work flexibility with a preference for NYC-based collaboration