This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Security & Trust Lead based in United States.
As a Security & Trust Lead, you will take ownership of building and scaling a comprehensive security, privacy, and compliance program that protects customer data and strengthens organizational trust. This role offers the opportunity to establish security practices from the ground up, combining technical expertise, operational excellence, and automation-driven thinking. You will work closely with engineering, operations, and leadership teams to create secure processes, improve compliance readiness, and enable business growth. The position is ideal for a hands-on security professional who enjoys solving complex challenges, leveraging technology to improve efficiency, and building programs that have a direct impact on customer confidence. You will operate in a remote, collaborative environment where ownership, transparency, and continuous improvement are highly valued.
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Security & Trust Lead based in United States.
As a Security & Trust Lead, you will take ownership of building and scaling a comprehensive security, privacy, and compliance program that protects customer data and strengthens organizational trust. This role offers the opportunity to establish security practices from the ground up, combining technical expertise, operational excellence, and automation-driven thinking. You will work closely with engineering, operations, and leadership teams to create secure processes, improve compliance readiness, and enable business growth. The position is ideal for a hands-on security professional who enjoys solving complex challenges, leveraging technology to improve efficiency, and building programs that have a direct impact on customer confidence. You will operate in a remote, collaborative environment where ownership, transparency, and continuous improvement are highly valued.
Accountabilities:
- Own and develop the organization’s security governance, risk, and compliance (GRC) programs, including security controls, policies, audits, evidence management, and risk assessments.
- Lead compliance initiatives such as SOC 2 Type 2 audits and evaluate additional frameworks where relevant, including ISO 27001 and HIPAA.
- Build scalable and automated security processes by replacing manual evidence collection, reviews, and recurring checks with scripts, APIs, and AI-powered solutions.
- Manage customer data security practices by reviewing data flows, third-party integrations, deletion processes, and privacy-related operational requirements.
- Act as the security reviewer for new tools and vendors by assessing security posture, managing documentation, and ensuring safe adoption of new technologies.
- Own customer-facing trust resources, ensuring security, privacy, and compliance information is clear, accurate, and easily accessible.
- Coordinate product security audits, penetration tests, and external assessments in collaboration with engineering teams.
- Investigate and manage security incidents, driving response efforts, root cause analysis, and improvements to prevent future issues.
- Oversee identity and device security practices, including SSO/IAM strategy, access reviews, onboarding and offboarding processes, and device management.
- Develop employee security programs through engaging training, phishing simulations, and ongoing security awareness initiatives.
- 5+ years of experience building and operating security, trust, governance, risk, and compliance programs, ideally within a 50–300 person technology company.
- Proven hands-on experience managing security frameworks, audits, compliance processes, and customer-facing security requirements.
- Strong technical understanding of identity management, SSO/IAM configurations, device security, third-party risk, and data flows.
- Ability to investigate incidents independently by analyzing logs, understanding systems, and coordinating effective responses.
- Experience automating security processes using scripts, APIs, workflow tools, or AI-based solutions.
- A proactive and efficiency-focused mindset, with the ability to identify repetitive processes and turn them into scalable systems.
- Comfortable working cross-functionally with engineering, operations, legal, and leadership teams.
- Strong communication skills with the ability to translate technical security topics into clear business and customer-facing language.
- An AI-positive mindset, with the ability to evaluate risks pragmatically while identifying opportunities to use AI safely and effectively.
- Competitive compensation package with an organization-wide goal-based bonus.
- Approximately 5 weeks of paid time off to start, plus company-wide winter holiday break and paid US holidays.
- Flexible 80% work option, allowing employees to choose between a standard schedule or a four-day workweek with adjusted compensation.
- Paid parental leave for primary and secondary caregivers.
- One-month paid sabbatical after every five years with the team.
- Comprehensive healthcare coverage for US residents, including medical, dental, vision, HSA, FSA, and company-paid long-term disability insurance.
- 401(k) matching program for US residents with immediate vesting.
- Fully remote work environment with a strong focus on autonomy, trust, and collaboration.
- Inclusive culture centered around transparency, continuous learning, and long-term impact.