Head of Security & Compliance
Key Responsibilities
- Own endpoint, identity, and network security across a ~300-person, largely remote and hybrid organization
- Manage core security tooling, including SIEM, EDR, and identity and access management, and the vendor relationships behind them
- Run employee security awareness training and phishing simulation programs
- Identify and assess security risks within the organization in real time and implement security measures to mitigate risks
- Own incident response planning and execution for corporate systems, including business continuity and disaster recovery
- Define security policies, standards, and procedures aligned with business objectives and industry best practices
- Partner with engineering in a way that keeps security a natural part of how engineering ships rather than a separate gate
- Own the secure development lifecycle for Aerospike's database and cloud products
- Manage third-party penetration testing and the vulnerability disclosure program
- Own vulnerability management and patching SLAs across the product line, including emerging risks specific to AI infrastructure workloads
- Own SOC 2 Type II and lead the path toward ISO 27001 as the sales pipeline requires it, hiring and managing a compliance lead to run the program day to day
- Respond to customer security questionnaires and support technical due diligence during enterprise procurement
- Conduct regular security assessments and internal/external audits to ensure compliance and effectiveness
- Own customer-facing incident communication and disclosure when a security event triggers contractual notification obligations
- Maintain the security portion of vendor risk assessments and data processing agreements
- Serve as the primary point of contact for customer security teams during the sales cycle
- Manage a team of security and compliance professionals, with a hiring plan tied to company growth
- Own a security risk register and risk appetite framework, and report posture, incident trends, and compliance status against it to executive leadership and the board
- Serve as the primary technical voice on security for executive leadership and customers during procurement, translating risk into terms both audiences can act on
- Own the security budget and prioritize spend against risk
Requirements
- 10-12 years in security roles, with deep, hands-on experience in corporate and product security, including 3-5 years managing a team; a strategic thinker who is still comfortable doing the work directly given the team's current size
- Deep understanding of cloud security architecture and tooling, and familiarity with emerging AI-specific security risk
- Working fluency in compliance frameworks, particularly SOC 2 Type II, sufficient to hire, direct, and evaluate a compliance-focused direct report
- Experience presenting security posture and risk to a board or executive audience
- Track record of partnering with engineering and GTM teams as an enabler
- Experience at a B2B infrastructure or database company preferred, given the technical sophistication of our prospects and customers
Aerospike is an Equal Opportunity Employer. We are committed to providing an environment free from discrimination on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status, or any other basis covered by appropriate law.
To keep our recruitment pipeline as high-performance as our database, Aerospike uses AI-driven tools to streamline resume reviews, scheduling, and communication. While we love smart tech, we value human connection even more. AI helps us optimize the process, but real people make 100% of the actual hiring decisions.
Create a Job Alert
Interested in building your career at Aerospike? Get future opportunities sent straight to your email.
Apply for this job