Security Guard ensuring safety and security at Lincoln Electric facility in Euclid, Ohio. Monitoring access control systems, alarm systems, and coordinating emergency responses effectively.
About the role
- Information Security Manager responsible for Aircall’s information security strategy, governance, and risk management. Operating across security, IT, privacy, and product teams in a fast-paced environment.
Responsibilities
- Develop and maintain the company-wide security strategy, policies, and governance frameworks.
- Ensure ongoing compliance with SOC 2, GDPR, NIST.
- Determine in conjunction with the other security stakeholders the company’s strategy to pursue additional certifications and other relevant global security standards (e.g., ISO 27001).
- Participate in building the Governance, Risk & Compliance (GRC) function, aligning with privacy, compliance, and enterprise risk function; maintaining and executing against a risk matrix.
- Ensure that each branch of Information Security is performing its responsibilities effectively and operating in a coordinated manner.
- Lead enterprise-wide security risk assessments, gap analyses, and mitigation planning.
- Partner closely with Legal/Privacy on regulatory obligations, including GDPR, data residency requirements, and incident reporting.
- Oversee vendor risk management and security due diligence, ensuring consistent assessment standards and cross-functional alignment.
- Build and manage a scalable vendor security program, including due diligence, remediation, and monitoring.
- Maintain and refine incident response policies, workflows, roles, and communication procedures.
- Coordinate cross-functional participation during security events, ensuring documentation, communication, and post-incident reporting.
- Serve as the point of escalation for major security events.
- Ensure clear reporting lines, accountability, and coordination between IT Security and Engineering/Product Security.
- Work closely with IT, Product, Engineering, and Data teams to embed security-by-design throughout the development lifecycle.
- Manage dotted-line reporting relationships with Security Engineers and IT team members, ensuring unified strategic direction while respecting functional dependencies.
- Represent Information Security to the Board, Audit Committee, customers, and regulators, as needed.
- Lead company-wide security training and awareness initiatives.
- Promote a security-first culture across all functions, ensuring employees understand their role in protecting company and customer data.
Requirements
- 8+ years of experience in Information Security, including security governance or GRC leadership roles within SaaS or cloud based companies.
- Deep knowledge of SOC 2, ISO 27001, NIST, GDPR, and modern security frameworks.
- Hands-on experience with GRC platform (Drata, One Trust, Vanta etc.)
- Experience leading cross-functional initiatives and managing multiple stakeholders.
- Experience with risk management, vendor security, and policy development.
- Proven ability in dealing with incident response and security operations.
- Strong communication skills, with experience presenting to executives or boards.
Benefits
- Medical, dental, and vision insurance is 100% covered
- 401k plan with company matching!
- Unlimited PTO — take the time you need to come to work feeling great!
- Wellness, commuter, and childcare reimbursements
- Generous parental leave policy
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Cybersecurity & Data Security Junior Associate supporting organizations in data protection through risk assessments and policy development. Collaborating with teams for meaningful contributions in cybersecurity.
Senior Security Consultant delivering complex cybersecurity engagements for high - profile clients. Advising organizations on critical national infrastructure security and compliance.
Safety Specialist focused on fortifying safety culture through engineering and efficiency measures. Managing compliance and conducting training in a hybrid work setting.
Manufacturing Security Specialist ensuring safe and secure satellite manufacturing at ICEYE. Focused on protecting facilities, production, and sensitive information from threats.
Information Security Specialist responsible for implementing security solutions in Tokio Marine. Analyzing and enhancing cybersecurity architectures and tools for diverse IT projects.
Security Engineer II focusing on EDR at Cyderes, providing expert technical support and improving security postures across enterprise environments.
Security Engineer responsible for managing Microsoft Sentinel and Defender XDR systems at Cyderes, a cybersecurity service provider. Focused on detection engineering and platform optimization in a hybrid work setting.
Entra ID Security Specialist developing Identity & Access Management solutions focusing on Microsoft Entra ID. Strategically enhancing modern identity and security architectures in a hybrid work environment.
Senior Staff IT Security Auditor leading complex audit engagements for WGU. Strengthening security posture while mentoring junior analysts and collaborating across teams.