A full-time job opportunity for a senior level IT Security & Compliance Specialist to spearhead security initiatives and governance frameworks. In this role, you will bridge the gap between high-level compliance and hands-on technical security engineering. You will manage our compliance pipelines, protect our fintech workflows, and champion a security-first culture across our entire organization.
This job is perfect for a proactive security professional who thrives in SaaS environments and loves securing cutting-edge tech ecosystems (including cloud, mobile, and AI).
Β
Responsibilities:
ββ Lead and manage the end-to-end process of achieving and maintaining our SOC 2 compliance.
ββ Create, enforce, and govern comprehensive IT and Information security policies across the entire organization.
ββ Serve as the primary security liaison for enterprise clients, confidently answering complex security questionnaires and navigating financial audits.
ββ Interface directly with client security teams, respond to vendor security questionnaires, and optimize our IT Managed Service Provider (MSP) relationships to dictate how we best leverage them.
ββ Act as a hands-on security engineer to review and improve secure coding practices across our React and Node.js codebase, ensuring the safety of our fintech workflows.
ββ Manage and monitor DevSecOps tools like Snyk to catch vulnerabilities early in the CI/CD pipeline.
ββ Conduct internal penetration tests, review Β Β Β Β Firebase/Firestore security rules, and rigorously develop disaster recovery plans.
ββ Design and execute vulnerability testing specifically for our AI features, running prompt injection tests against our LLMs and chat-bots to ensure data integrity.
ββ Take full ownership of company-wide security awareness training, Β Β Β Β actively building an internal culture of vigilance and security awareness.
Β
Required experience & skills:
ββ Experience managing/leading the end-to-end process of achieving and maintaining SOC 2 compliance, OR comparable/translatable audit and compliance frameworks (e.g., ISO 27001, HIPAA, PCI-DSS). β Recent experience preferred; minimum 5 years; multiple audits/renewals preferred.
ββ A proven background working within SaaS environments, with a strong preference for candidates experienced in logistics, supply chain, or short-haul trucking platforms (specifically dealing with truck routing and fleet dispatch).
ββ Proven experience serving as a primary security contact for medium to large enterprises.
ββ Strong exposure to secure processes for diverse, interconnected ecosystems across web, mobile, cloud infrastructure, and APIs.
Β
Preferred deep hands-on software-security engineering is a bonus and not expected day one.
Next-Level Technical Requirements. . .
ββ Ability to work hands-on with React and Node.js codebases to implement secure coding practices.
ββ Direct experience with DevSecOps tools (e.g., Snyk), CI/CD pipelines, internal penetration testing, and Firestore/Firebase security rule governance.
ββ Experience or strong capability in running prompt injection tests and securing LLM-powered chatbots.
ββ Familiarity with cloud security, preferably within the Google Cloud Platform (Google Cloud Platform) and Firebase ecosystem.
ββ Familiarity with modern AI security frameworks, including protecting custom AI models and securing Model Context Protocol (MCP) servers.