Jobs · Information Technology

InfoSec & IT Lead

RevOptimal · New Orleans, LA · 6 mo ago
RemoteRemoteInformation TechnologyFull-time

About the role

RevOptimal is building the future of privacy-conscious identity resolution for advertising. Instead of relying on outdated identifiers like cookies, IP addresses, or device IDs, we resolve identity using deterministic, people-based signals to help advertisers reach real audiences with greater precision and confidence.

Responsibilities

  • Security strategy & architecture
    • Define and execute the company security strategy and roadmap across cloud, data, application, and infrastructure security.
    • Lead the design and pragmatic implementation of Zero Trust architecture principles (identity-centric controls, least-privilege access, micro-segmentation, device posture and conditional access).
    • Design and enforce secure cloud architecture patterns (AWS best practices for S3, IAM, KMS, VPCs, cross-account roles and clean-room integrations).
    • Implement secure key management, encryption at rest / in transit, and data classification & retention standards appropriate for sensitive data.
    • Own SOC 2 readiness, audit lifecycles and evidence automation.
    • Lead ISO 27001:2022 readiness and the ISMS lifecycle when appropriate (scoping, risk assessment & treatment, SoA, internal/external audits).
    • Own data privacy compliance frameworks across relevant regimes: US state privacy laws (e.g., CPRA/CCPA and other state statutes) and EU GDPR.
      • Maintain a comprehensive data map / Record of Processing Activities (RoPA) covering personal data flows, storage locations, retention and processors.
      • Run Data Protection Impact Assessments (DPIAs) for high-risk processing and partner integrations.
      • Operate a DSAR / DSR process (data subject access/deletion/portability requests) and ensure timely responses that meet legal deadlines.
      • Manage Data Processing Agreements (DPAs) and contractual privacy controls with vendors and partners.
      • Implement and enforce privacy-by-design/default controls and data minimization across technical and product solutions.
      • Ensure lawful cross-border data transfer mechanisms (e.g., SCCs, adequacy assessments, and technical safeguards) and document them appropriately.
    • Operate and maintain compliance automation tooling (e.g., Vanta) and privacy management tooling; track remediation and evidence collection.
    • Build and operate detection & monitoring (centralized logging, alerting and lightweight SIEM).
    • Manage vulnerability scanning, third-party pen testing, remediation workflows and risk treatment.
    • Secure onboarding and hardening of partner integrations (S3 buckets, IAM roles, cross-account access, clean-room patterns).
    • Assess and govern third-party security and privacy posture with technical and contractual controls.
    • Manage day-to-day IT for a company
    • Own vendor relationships for IT/security/privacy services and provide escalated IT support.
    • Evangelize security and privacy across the company: training, phishing simulations, privacy awareness.
    • Report security and privacy KPIs to executives (SOC 2/ISO coverage, Zero Trust adoption, DSAR SLAs, MTTR).

    Requirements

    • 6+ years of professional experience in information security, with at least 3 years in a leadership/managerial role.
    • Hands-on cloud security experience in AWS (S3, IAM, KMS, CloudTrail, CloudWatch, VPCs, cross-account roles).
    • Practical experience leading SOC 2 readiness and audit programs and operating compliance automation tools.
    • Practical experience implementing Zero Trust principles in cloud environments.
    • Practical experience with GDPR and with US state privacy laws (CCPA/CPRA and/or other modern state privacy statutes), including DSAR/DSR handling, DPIAs, RoPA, DPAs and breach notification processes.
    • Strong operational security capabilities (vulnerability management, IR, logging/monitoring, IAM, encryption).
    • Practical IT operations experience for small companies (MDM, SSO/MFA, onboarding/offboarding).
    • Excellent written and verbal communication skills.
    • Formal security certification preferred (CISSP, CISM).
    • Experience directly driving or supporting ISO 27001:2022 certification and managing an ISMS.
    • Privacy certifications: CIPP/US, CIPP/E or equivalent.
    • Experience designing and implementing Zero Trust at scale and familiarity with NIST SP 800-207.
    • Familiarity with privacy and governance tooling (OneTrust, TrustArc, BigID) and with SOC 2 automation (Vanta).
    • Infrastructure as code experience (Terraform/CloudFormation) and secure CI/CD pipelines.
    • Experience with global privacy topics (Schrems II implications, SCCs, adequacy) and with managing cross-border transfer risk.
    • Familiarity with CPRA, Virginia, Colorado, Connecticut, Utah privacy rules and breach notification regimes.
    • Cloud: AWS — S3, IAM, KMS, CloudTrail, CloudWatch, Inspector/Inspector2, cross-account roles, clean-room patterns.
    • Compliance & privacy: Vanta (SOC 2 automation) and privacy management tools (OneTrust/TrustArc or equivalent) for RoPA/DPIAs/DSAR workflows.
    • Identity & Zero Trust tooling: SSO/IdP (Okta/AWS SSO), MFA/conditional access, ZTNA/SASE or equivalent.
    • Productivity & HR: Google Workspace, Slack, Atlassian (Jira/Confluence), Rippling.
    • Detection/EDR/SIEM: CloudWatch/CloudTrail, AWS Inspector/Inspector2, chosen EDR/SIEM tooling.

Similar jobs

Information Security Lead

Click Therapeutics, Inc.New York, NY· 3 wk ago
Information Technology$130k–$200k/yrapply on grnh.se

Information Systems Lead

Amphenol Communications SolutionsNashua, NH· 2 wk ago
Information Technologyapply on amphenol-tcs.acquiretm.com