Security Officer

New York, New York, United States
full-time, senior, Digital Agency

Description

You'll lead the security, privacy, and compliance program for Code and Theory's SaaS products and client projects. This includes owning SOC 2 and ISO certifications, establishing governance, and partnering with teams to embed security into delivery. Your work builds trust and enables the company to win and deliver projects securely.

Requirements

  • 8+ years in information security, including leadership in SaaS and/or professional services.
  • Strong understanding of application and cloud security fundamentals.
  • Demonstrated ownership of SOC 2 Type II and ISO 27001 programs.
  • Strong working knowledge of HIPAA, GDPR, and CCPA/CPRA.
  • Ability to communicate security concepts to diverse stakeholders.

Responsibilities

  • Lead SOC 2 Type II, ISO 27001, and ISO 42001 readiness and ongoing compliance.
  • Own ISMS and AI governance documentation and oversight.
  • Lead privacy governance ensuring compliance with HIPAA, GDPR, CCPA/CPRA.
  • Partner with delivery teams to embed security and privacy into build processes.
  • Establish client engagement security plans and lead vendor security reviews.