Head of Information Security- 5 days onsite New York, NY

Head of Information Security

We are seeking a visionary and hands-on Head of Information Security to design, implement, and scale our security strategy in a dynamic startup environment. This critical leadership role requires both deep technical expertise and strategic acumen, with a focus on enabling business growth while safeguarding our systems and data. Reporting directly to the CTO, you will own the company's security posture, driving the framework, processes, and culture needed to scale securely and build long-term customer trust.

The company is located in Brooklyn, NY and will be 5 days onsite.

What You Will Be Doing:

• Define and lead a secure-by-design architecture that balances risk mitigation with operational efficiency.
• Enhance endpoint and cloud security using tools such as CrowdStrike and modern MDM solutions.
• Establish and enforce best practices for Google Workspace security and select critical security tooling to enable a scalable, low-friction environment.

• Act as the primary security partner for business stakeholders, supporting compliance initiatives such as SOC 2 and ISO 27001.
• Develop security policies, procedures, and documentation that mitigate risk, accelerate sales cycles, and strengthen customer confidence.

• Lead end-to-end security operations, including proactive threat hunting, monitoring, and incident response.
• Define and track risk metrics, build robust alerting systems, and act as the primary incident commander during security events.

• Partner with IT, product, and engineering to embed security into all stages of the development lifecycle.
• Provide guidance on secure identity and access patterns (SSO/SAML) and enforce least-privilege access.
• Clearly communicate complex risks to technical and non-technical audiences, fostering a culture of shared responsibility for security.

Required Skills & Experience:

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
• 7+ years of progressive information security experience in a SaaS environment, with strong focus on endpoint and cloud security.
• 3+ years in a startup or high-growth setting.
• Hands-on expertise with EDR platforms, particularly CrowdStrike Falcon (architecture, configuration, threat hunting, and incident response).
• Proven success implementing and managing MDM solutions across macOS, Windows, iOS, and Android.
• Strong administrative knowledge of Google Workspace security features (DLP, context-aware access, advanced configurations).
• Experience designing and managing SSO/SAML integrations and enforcing least-privilege access across SaaS environments.
• Background in vulnerability management, from scanning through remediation.
• Familiarity with compliance frameworks (SOC 2, ISO 27001, NIST, GDPR) is preferred.
• Scripting and automation skills (Python, PowerShell) are a plus.

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn't provide sponsorship.