Security & Trust Lead
Jobgether · United States · Yesterday
RemoteRemoteFinanceFull-time
About the role
The Security & Trust Lead will be responsible for building and scaling a comprehensive security, privacy, and compliance program that protects customer data and strengthens organizational trust.
Responsibilities
- Own and develop the organization’s security governance, risk, and compliance (GRC) programs, including security controls, policies, audits, evidence management, and risk assessments.
- Lead compliance initiatives such as SOC 2 Type 2 audits and evaluate additional frameworks where relevant, including ISO 27001 and HIPAA.
- Build scalable and automated security processes by replacing manual evidence collection, reviews, and recurring checks with scripts, APIs, and AI-powered solutions.
- Manage customer data security practices by reviewing data flows, third-party integrations, deletion processes, and privacy-related operational requirements.
- Act as the security reviewer for new tools and vendors by assessing security posture, managing documentation, and ensuring safe adoption of new technologies.
- Own customer-facing trust resources, ensuring security, privacy, and compliance information is clear, accurate, and easily accessible.
- Cook up product security audits, penetration tests, and external assessments in collaboration with engineering teams.
- Investigate and manage security incidents, driving response efforts, root cause analysis, and improvements to prevent future issues.
- Own identity and device security practices, including SSO/IAM strategy, access reviews, onboarding and offboarding processes, and device management.
- Develop employee security programs through engaging training, phishing simulations, and ongoing security awareness initiatives.
Requirements
- 5+ years of experience building and operating security, trust, governance, risk, and compliance programs, ideally within a 50-300 person technology company.
- Proven hands-on experience managing security frameworks, audits, compliance processes, and customer-facing security requirements.
- Strong technical understanding of identity management, SSO/IAM configurations, device security, third-party risk, and data flows.
- Ability to investigate incidents independently by analyzing logs, understanding systems, and coordinating effective responses.
- Experience automating security processes using scripts, APIs, workflow tools, or AI-based solutions.
- A proactive and efficiency-focused mindset, with the ability to identify repetitive processes and turn them into scalable systems.
- Comfortable working cross-functionally with engineering, operations, legal, and leadership teams.
- Strong communication skills with the ability to translate technical security topics into clear business and customer-facing language.
- An AI-positive mindset, with the ability to evaluate risks pragmatically while identifying opportunities to use AI safely and effectively.
Benefits
- Competitive compensation package with an organization-wide goal-based bonus.
- Approximately 5 weeks of paid time off to start, plus company-wide winter holiday break and paid US holidays.
- Flexible 80% work option, allowing employees to choose between a standard schedule or a four-day workweek with adjusted compensation.
- Paid parental leave for primary and secondary caregivers.
- One-month paid sabbatical after every five years with the team.
- Comprehensive healthcare coverage for US residents, including medical, dental, vision, HSA, FSA, and company-paid long-term disability insurance.
- 401(k) matching program for US residents with immediate vesting.
- Fully remote work environment with a strong focus on autonomy, trust, and collaboration.
- Inclusive culture centered around transparency, continuous learning, and long-term impact.