- Company Name: Ashby
- Job Title: Head of Security
- Job Description:
**Job Title**
Head of Security
**Role Summary**
Lead the security function at a high‑growth SaaS company, scaling an existing security program from a single‑person team to a 1–3 person squad. Oversee strategy, policy, automation, and incident response while ensuring rapid, secure product development and compliance with enterprise‑level data protection regulations.
**Expectations**
- Expand the security team and mature processes to support 120%+ YoY growth.
- Achieve a balanced risk profile that protects PII and infrastructure while enabling agile product innovation.
- Actively communicate security posture, incidents, and best practices to internal stakeholders and key enterprise customers.
- Deliver measurable improvements in security KPIs (e.g., reduced mean time to detect, increased automation coverage).
**Key Responsibilities**
1. **Team & Program Development** – Recruit, onboard, and mentor security engineers; define roles and workflows.
2. **Policy & Process Engineering** – Design and document enterprise‑wide security policies (access, data handling, third‑party risk).
3. **Automation & Tooling** – Build or integrate security automation (CI/CD pipeline checks, IAM controls, threat detection).
4. **AI & Product Security** – Develop controls for LLM/AI adoption; collaborate with product/engineering to embed security in new features.
5. **Incident Response & Risk Management** – Lead investigations, coordinate with support and engineering, and define post‑incident lessons.
6. **Compliance & Governance** – Ensure adherence to GDPR, CCPA, SOC 2, ISO 27001, and other relevant standards.
7. **Stakeholder Engagement** – Partner with customer security teams, executive leadership, and external auditors.
**Required Skills**
- **Technical Expertise**: Cloud security (AWS/Azure/GCP), CI/CD security scans, threat modeling, IAM, encryption, secure coding.
- **Security Frameworks**: NIST, ISO 27001/27002, SOC 2, PCI‑DSS, GDPR, CCPA.
- **Automation**: Scripting (Python/Bash), configuration management (Terraform, Ansible), in‑house security tooling.
- **AI/ML Security**: Knowledge of LLM vulnerabilities and mitigation strategies.
- **Leadership**: Team building, cross‑functional collaboration, influence without authority.
- **Communication**: Executive‑level briefing, incident reporting, technical documentation, customer engagement.
**Required Education & Certifications**
- Bachelor’s or Master’s in Computer Science, Cybersecurity, Information Assurance, or related field.
- Certifications (preferred): CISSP, CISM, CISA, or Cloud Security (e.g., CCSP).
- Proven experience leading a full‑cycle security program in a fast‑growth SaaS environment.