Contacts

Suite 306 – Columbus Tower
Frir Town, Saddar, Karachi
Pakistan.

+92 331 477 7869
+92 335 296 2626

Career Details

Shevtron

Job Description:

The Security & Compliance Officer will own information security, privacy and regulatory compliance across product, infrastructure and client engagements. You’ll create and run the company’s security program (policies, controls, risk assessments), lead audits/certifications, manage incidents and vendor/security posture, and partner with Product, Engineering, Legal and Sales to ensure our solutions are secure, auditable and trustworthy for enterprise customers.

Responsibilities:

  • Design, implement and maintain the company-wide information security and privacy program (policies, standards, procedures, controls).

  • Lead compliance efforts and external certifications/audits such as SOC 2, ISO 27001, GDPR readiness, and relevant regional data protection frameworks.

  • Create and run the risk management process: asset inventory, risk assessments, threat modeling, risk treatment and regular reporting to execs.

  • Develop and operate incident response and breach notification processes; lead incident triage, root-cause analysis, remediation and post-mortems.

  • Implement secure development lifecycle practices: code review standards, dependency management, secrets management, secure CI/CD, and SAST/DAST pipelines.

  • Establish and maintain vulnerability management: pen test coordination, vulnerability scanning, prioritized remediation, and patch management.

  • Drive cloud & infrastructure security: IAM, network segmentation, encryption at rest/in transit, logging/monitoring, and secure configuration baselines (AWS/GCP/Azure).

  • Own third-party / vendor security assessments and contract controls (security questionnaires, AOCs, DPAs, SLAs) to reduce supply-chain risk.

  • Partner with Product, ML and Engineering teams to assess model/data risks (data minimization, provenance, explainability, model access controls) and embed privacy-by-design.

  • Run employee security awareness, phishing simulations, and role-based training to raise organizational security posture.

  • Maintain security telemetry and dashboards (SIEM/Cloud logs), define KPIs (MTTR, patch rates, open vulnerabilities, mean time to detect), and report program health to leadership.

  • Draft and negotiate security & privacy clauses for customer contracts, NDAs and data processing agreements together with Legal and Sales when needed.

  • Keep abreast of regulatory changes and industry best practices; recommend controls, tooling and process investments to leadership.

Preferred Qualifications:

  • 4+ years in information security, security engineering, privacy or compliance roles (longer for senior/head roles); experience with SaaS / cloud-native products strongly preferred.

  • Practical experience leading SOC 2 Type I/II or ISO 27001 readiness and audits, or equivalent compliance frameworks.

  • Hands-on technical skills: vulnerability scanning, cloud security (IAM, KMS), logging/monitoring, incident response and secure SDLC practices.

  • Familiarity with privacy and data protection frameworks (GDPR, PDPA or similar), and experience drafting/negotiating DPAs, AOCs.

  • Experience assessing vendor risk and running security questionnaires / third-party assurance processes.

  • Strong understanding of cloud platforms and services (AWS/GCP/Azure) and container/orchestration security (Docker/Kubernetes) is a plus.

  • Relevant certifications desirable: CISSP, CISM, CISA, CRISC, ISO27001 Lead Implementer/Auditor, or equivalent.

  • Comfortable reading and writing technical and legal security documentation; able to translate technical risks into business impact for execs and customers.

  • Excellent communication and stakeholder management — works across Product, Engineering, Legal, Sales and Operations.

  • Analytical problem-solver with attention to process and detail; proactive mindset and ability to prioritise remediation for highest business impact.

  • Degree in Computer Science, Information Security, Engineering, or equivalent experience.

$40,000 USD Yearly
