CrawlJobs Logo

Head of Security and Compliance

United States · Job Posted February 21, 2026
Apply Position
Job Link Share

Job Description

The Head of Security and Compliance will be responsible for building and leading Eight Sleep’s security strategy across physical, digital, and operational domains. This leader will ensure the confidentiality, integrity, and availability of our data, systems, and devices, while also protecting our employees and customers. This is a highly cross-functional role requiring collaboration with engineering, product, legal, operations, and executive leadership.

Job Responsibility

  • Oversight and implementation, operation and monitoring of information security tools and processes in customer production environments
  • Responsible for conducting IT risk assessments, documenting identified threats and maintaining risk register
  • Communicates information security risks to executive leadership
  • Reports information security risks annually to Eight Sleep leadership and gains approvals to bring risks to acceptable levels
  • Define and own Eight Sleep’s end-to-end security strategy across cloud, product, corporate, and customer environments
  • Serve as the primary security advisor to the executive team—translating risk into clear business decisions and helping set the company’s security posture and risk tolerance
  • Build and scale Eight Sleep’s security program, including roadmap, processes, metrics, and future team structure
  • Oversee security architecture and practices for software, cloud infrastructure, connected devices (IoT), and data storage
  • Ensure compliance with security frameworks (e.g., SOC 2, GDPR, HIPAA)
  • Lead vulnerability management, threat detection, and incident response
  • Develop protocols for access management, disaster recovery, and crisis response
  • Partner with engineering and product teams to embed security-by-design into all Eight Sleep products
  • Guide threat modeling for cloud services, mobile apps, and hardware/firmware components
  • Implement privacy and security controls that protect customer data and build trust
  • Conduct penetration tests, risk assessments, and security audits
  • Lead Eight Sleep’s compliance programs (e.g., SOC 2, GDPR) and partner with legal on privacy obligations
  • Establish policies, training programs, and awareness initiatives across the organization
  • Lead third-party risk management and vendor security reviews
  • Stay ahead of evolving global regulations around data privacy and security

Requirements

  • 8-10+ years of experience in security engineering, with deep expertise in mobile app security, IoT device security, or cloud infrastructure security
  • Proven expertise in cybersecurity, cloud infrastructure security (AWS), IoT device security, and corporate risk management
  • Experience in consumer technology, health tech, or regulated industries is highly desirable
  • Strong knowledge of compliance standards (SOC 2, ISO 27001, HIPAA, GDPR, etc.)
  • Excellent communication and stakeholder management skills
  • Ability to balance risk with business agility in a fast-paced startup environment

Nice to have

  • Knowledge of embedded or firmware security, secure boot processes, firmware signing, or hardware supply chain security
  • Experience with wireless communication protocols (Bluetooth, Wi-Fi) and their security implications
  • Familiarity with data observability, automated testing frameworks, or security instrumentation for IoT systems
  • Ability to lead or review low-level security considerations in constrained environments (embedded systems, microcontrollers), even if not your primary specialty
  • Experience scaling a security function from early-stage foundations to a mature, metrics-driven program

What we offer

  • Equity participation
  • Periodic equity refreshments based on performance
  • Every Eight Sleep employee receives a Pod

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Head of Security and Compliance

8 matching positions

Head of Workforce Security and Compliance

Head of Workforce Security and Compliance is a senior leadership position within...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
jobs.360resourcing.co.uk Logo
360 Resourcing Solutions
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Extensive experience in senior security leadership, ideally in large-scale international events, complex organisations, or critical infrastructure.
  • Proven track record in workforce planning, workforce security management and security training.
  • Experience in procurement and delivery of significant security contracts
  • Experience managing cross-functional teams and multiple security programs simultaneously.
  • Strong leadership, strategic thinking, and decision-making capabilities.
  • Proficiency in workforce modelling, resource planning, and operational security frameworks.
  • Experienced in trusted workforce programme development through risk-based analysis
  • Excellent communication and stakeholder management skills.
  • Problem solver – ability to use own initiative to find new solutions and methods of working
Job Responsibility
Job Responsibility
  • Strategic planning, oversight, and delivery of all workforce-focused security and compliance functions for the tournament.
  • Private Contract Safety & Security Planning – planning, procurement, and deployment of safety and security personnel across all venues.
  • Trusted Workforce Program, Training & Communications – overseeing vetting, safeguarding, training, and security-conscious communications.
  • Developing policies, operational frameworks, and workforce strategies that mitigate risk, enhance security outcomes, and deliver a robust, reliable, and compliant workforce.
What we offer
What we offer
  • 25 days holiday
  • contributory pension
  • Private Medical Insurance
  • Fulltime
Read More
Arrow Right

Head of Security Projects and Compliance

You’ll have an important part to play for the assurance of a safe and secure wor...
Location
Location
United Kingdom , Nuneaton
Salary
Salary:
60000.00 GBP / Year
unipart.com Logo
Unipart Logistics
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Demonstrable engaging leadership experience in a security risk management position, ideally within the logistics industry
  • Excellent knowledge and understanding of Supply Chain Security Solutions (Warehouse and Transport) and operational procedures
  • High level of demonstrable knowledge regarding the management and delivery of multiple security projects in complex environments
  • Proven experience in prioritising own workload around tight deadlines in a pressurised environment
  • Excellent presentation and communication skills, as well as excellent organisational skills
  • Management of physical security systems to ensure effective control measures remain proportionate and cost effective
  • Demonstrate in-depth experience of managing external security suppliers
  • High level of PC literacy, in particular Microsoft Office and Google suite
Job Responsibility
Job Responsibility
  • Proactively develop collaborative relationships with our Commercial, Bid Management and Project teams to ensure active engagement on all new business opportunities and projects
  • Manage the installation of any security infrastructure upgrades and/or new builds as required
  • Ensure all relevant security documented processes and procedures are developed and implemented across your area of responsibility
  • Work collaboratively with the Security Operations team to identify cost efficiencies and resource optimisation on security related projects
  • Safeguard the reputation of the business by ensuring strict adherence to legislative, regulatory, and customer security requirements are effectively implemented and maintained (E.g. AEO, C-TPAT)
  • Support and mentor the Security Operations team to ensure site Security Risk Classification and audit programmes are strictly adhered to
  • Investigate breaches of technical security policies
  • Provide security systems training and ongoing support
  • Serve as a point of contact for security-system related issues
What we offer
What we offer
  • car / car allowance
  • 33 days holiday
  • pension
  • life assurance
  • employee assistance programme
  • wellbeing support
  • flexible benefits scheme
  • Fulltime
Read More
Arrow Right

Head of Information Security, Risk and Compliance

Senior leadership position within the IT Operations team. The primary mission is...
Location
Location
United Kingdom , Thame
Salary
Salary:
110000.00 GBP / Year
travelodge.co.uk Logo
Travelodge Hotels Limited
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Certifications: CCSP, CISSP-ISSMP, or CISM
  • Methodologies: ITIL v4 Foundation
  • FAIR Risk Modelling
  • experience in Project Management or Business Change
  • Advanced Tech: Experience defining Zero Trust Architecture (ZTA) and implementing security controls within public cloud environments (IaaS/PaaS)
  • pragmatic, hands-on leader
  • master of communication
  • self-starter
  • technical expertise rooted in securing critical B2B and B2C eCommerce platforms, particularly within hosted and SaaS-heavy environments
  • expert-level knowledge of perimeter, cloud, network, and data security
Job Responsibility
Job Responsibility
  • Strategic Leadership: Develop a continuously evolving security roadmap and "defence in depth" strategy
  • manage both internal teams and strategic third-party partners
  • Operational Management: Oversee 24x7x365 security operations, including continuous monitoring, threat assessment, incident response (CIRT)
  • Risk & Compliance: Develop and maintain an industry-standard Risk Management framework
  • ensure compliance with PCI-DSS, GDPR, and NIST frameworks
  • Governance & Policy: Maintain Information Security policies and conduct regular audits of processes and controls
  • Technical Oversight: Coordinate vulnerability management, penetration testing, and code reviews
  • provide "Secure by Design" architectural guidance for all new initiatives
  • Supply Chain & Budget: Manage a portfolio of security vendors to ensure value and responsiveness
  • oversee the OPEX and CAPEX budgets that enable your function to operate and continuously improve
What we offer
What we offer
  • Annualise Bonus
  • Car Allowance
  • Contributory pension scheme
  • 50% personal discount for hotel bookings and great friends and family discounts too
  • 25 days holiday + bank holidays, increasing with length of service
  • A focus on learning and career development
  • Fulltime
Read More
Arrow Right

Head of Security & Compliance

Plaud is building the next generation intelligence infrastructure and interfaces...
Location
Location
United States , San Francisco
Salary
Salary:
260000.00 - 340000.00 USD / Year
plaud.ai Logo
Plaud
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree or higher in Computer Science, Software Engineering, or a related field
  • At least 5 years of experience working in global SaaS/AI companies
  • Comfortable working across time zones and collaborating asynchronously
  • Strong communication skills with empathy
  • Adaptive, collaborative, and proactive in driving outcomes
Job Responsibility
Job Responsibility
  • Build and execute a comprehensive security and compliance strategy covering enterprise IT, product, and cloud environments
  • Establish data protection, access control, and incident response policies across all regions and platforms
  • Partner with Engineering, IT, and Legal to ensure security-by-design in all AI systems, devices, and data pipelines
  • Lead company-wide security awareness and governance programs to embed a culture of trust and compliance
  • Drive SOC2, GDPR, and ISO27001 readiness, managing external audits and maintaining global certification programs
What we offer
What we offer
  • Top-tier healthcare for employees and dependents, including dental and vision, and a generous employer subsidy
  • 401(k) plan for full time employees with company matching
  • Unlimited PTO, plus 13 paid holidays
  • 12 weeks of paid time off to spend time with your new family, regardless of gender
  • New hires are equipped with their choice of new top-of-the-line laptops and workstation setups
  • Best office equipment
  • Annual offsites
  • Free office drinks and snacks
  • Fulltime
Read More
Arrow Right

Head of Governance, Risk and Compliance - CISO function - BPL

The Head of GRC leads the pillar responsible for ensuring the organisation under...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
barclays.co.uk Logo
Barclays
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • CISM, CRISC, or CISSP certification
  • Experience with DORA (Digital Operational Resilience Act) compliance requirements and implementation
  • ISO 27001 Lead Auditor or Lead Implementer certification
  • PCI QSA or Internal Security Assessor (ISA) qualification
  • Previous experience in FinTech, Digital Banking, Payment Acquiring organisation
  • Experience with Visa GACS and Mastercard SDP acquirer compliance programmes
  • Significant experience of progressive experience in information security governance, risk, and compliance, with at least 5 years leading a GRC team in a regulated environment
  • Strong understanding of UK GDPR and the role of security controls in meeting data protection obligations, including breach notification requirements and data protection impact assessments
  • Experience designing and operating security control frameworks mapped to multiple regulatory requirements simultaneously (e.g., a single framework serving PCI DSS, FCA, and GDPR)
  • Understanding of cloud-native architectures and their implications for compliance and risk management
Job Responsibility
Job Responsibility
  • Own the security policy framework, ensuring policies are current, proportionate, and aligned to PCI DSS, FCA expectations, UK GDPR, and DORA requirements
  • Maintain and operate the security risk register, ensuring risks are assessed consistently using a defined methodology, owned explicitly, and reported accurately to the CISO and Executive Leadership Team (ETL)
  • Manage the relationship with external auditors, the Qualified Security Assessor (QSA), and 2nd/3rd Line of Defence (LoD) on all security and technology risk matters
  • Own the third-party security assurance process, ensuring all vendors, partners, and card scheme integrations are risk-assessed with a tiered approach proportionate to data access and criticality
  • Chair the monthly Cyber and Tech Risk and Controls Forum, presenting risk posture, compliance status, and material findings to the CISO, CIO and ELT
  • Design and maintain the control framework, mapping controls to PCI DSS, FCA, UK GDPR, and DORA requirements, and ensuring control effectiveness is tested on a continuous cycle
  • Produce KRI dashboards and risk reporting for CISO, CIO, and ELT consumption, ensuring risk is communicated in business terms
  • Lead regulatory and audit engagement on security matters, coordinating regulatory review and audit interactions and proactively managing stakeholder relationships
  • Own the risk assessment calendar, ensuring both cyclical and event-driven assessments are executed on schedule with appropriate rigour
  • Manage the risk acceptance process, ensuring risk acceptance decisions are documented, time-bound, approved at the appropriate authority level, and reviewed before expiry
What we offer
What we offer
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
  • Fulltime
Read More
Arrow Right

Global Head of Cyber Risk and Compliance

The Technology & Cyber Compliance and Operational Risk Office (TCCORO) at Citi i...
Location
Location
United States , Irving, Texas, United States, New York, New York, United States
Salary
Salary:
250000.00 - 500000.00 USD / Year
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 20+ years' experience in technology risk and/or cyber risk management in the banking/financial services industry, or related field, with at least 5+ years in 2nd or 3rd line senior leadership positions
  • Subject matter expert in technology risk and/or cyber risk management principles and practices across various information system architecture and engineering domains
  • Proven experience in managing complex risk portfolios and developing strategic risk management frameworks for large organizations
  • Robust understanding of operational risk management frameworks, industry standards, regulatory requirements, and risk mitigation practices
  • Experience managing and overseeing large remediation and transformation programs to achieve intended results
  • Extensive experience in effective written and verbal communication with executive audiences including Boards
  • Experienced risk challenger who balances risks vs. rewards aligned with corporate risk culture
  • Understanding of Citi products and services and downstream impacts of technology risk and/or cyber risk strategy
  • Professional certifications in either technology risk and/or cyber risk preferred, including: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), ERM, CET, ISO27001, COBIT, TOGAF, or CRI
  • In-depth, working knowledge of banking technologies, fraud, cybercrime detection and countermeasures, encryption, data retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management
Job Responsibility
Job Responsibility
  • Oversight and challenge of the cybersecurity incident response programs
  • Oversight of the security operations center (SOC) and cybersecurity fusion center (CSFC)
  • Oversight of cybersecurity penetration testing and red-team operations
  • Oversight of the Chief Information Security Office (CISO), including the review of the effectiveness of the controls, standards and programs across the enterprise
  • Implementation of guidance for overseeing Emerging Technology and Operational Risks, in compliance with OCC Heightened Standards
  • Able to present and lead discussions with key Regulators, internal and external auditors, as well the Board of Directors and the Risk and Audit sub-committees
  • Governance and Oversight of security risks impacting the business and technology
  • Support in the development of Cyber Policy and Standards
  • Oversight of Key Operational Risks and related indicators and thresholds
  • Challenge of Cyber Risk Self Assessments
What we offer
What we offer
  • Discretionary and formulaic incentive and retention awards
  • medical, dental & vision coverage
  • 401(k)
  • life, accident, and disability insurance
  • wellness programs
  • paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays
  • Fulltime
Read More
Arrow Right

Head of Health, Safety, Environment, and Security

Interim Head of Health, Safety, Environment, and Security to foster a 'safety fi...
Location
Location
United Kingdom , West Midlands
Salary
Salary:
Not provided
boden-group.co.uk Logo
Boden Group
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Extensive leadership experience in Health, Safety, Environmental, and Security management within the Facilities Management sector
  • Deep knowledge of health and safety legislation and practical experience managing ISO 45001 standards
  • Strong technical proficiency in conducting risk assessments and leading serious incident investigations
  • Exceptional stakeholder management skills, with the ability to influence at the Board level and engage effectively with site teams
  • A proactive, problem-solving approach to continuous improvement and operational safety
  • Flexibility and presence you are expected to be hands-on and visible across site locations in the West Midlands.
Job Responsibility
Job Responsibility
  • Develop and execute a comprehensive HSE strategy, cultivating a robust safety culture and ensuring continuous improvement across the entire business
  • Provide expert counsel to Directors and Managers, ensuring full compliance with the Health and Safety at Work Act 1974 and all other pertinent legislation
  • Oversee ISO 45001 certification, managing the ongoing non-conformance reporting process and maintaining high governance standards
  • Lead complex investigations into accidents and near-miss incidents, performing root cause analyses and ensuring the implementation of corrective actions
  • Drive operational risk management, conducting workplace inspections and audits to ensure effective control measures and PPE standards are met
  • Manage HSES reporting and documentation, engaging with clients, regulators, and external bodies while overseeing the safety budget and KPIs
  • Develop training programmes for employees and contractors, ensuring every individual understands their specific HSES responsibilities.
What we offer
What we offer
  • A competitive day rate ranging from £600 to £700 per day
  • A high-influence role reporting directly to senior leadership
  • The opportunity to collaborate with a dedicated team focused on operational excellence
  • A supportive environment that values innovation and a proactive safety culture
  • The chance to shape safety practices within a market-leading FM provider.
  • Fulltime
Read More
Arrow Right

Director for APAC and EMEA Head of Middle Office and Fund Accounting Shared Services

This Director-level role leads the EMEA and APAC Middle Office and Fund Accounti...
Location
Location
Poland , Warsaw
Salary
Salary:
510000.00 PLN / Year
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of progressive experience in a senior Middle Office or Investment Operations role
  • 10+ years of people management experience, including leading manager-of-manager teams or similarly sized large teams
  • Proven stakeholder management skills with a demonstrated ability to build and nurture long-term relationships
  • Deep knowledge of pre-NAV functions and the essential inputs for publishing IBOR and ABOR records for complex assets
  • Demonstrated track record of implementing process standardization and efficiency initiatives
  • Possess a continuous improvement and transformation mindset, utilizing data-driven insights to identify opportunities and develop innovative solutions
  • Extensive experience working on complex projects, leveraging agile methodologies and rapid development to deliver quick-to-market, client-focused solutions that achieve quantifiable commercial and operational objectives
  • Excellent communication skills (oral & written) and demonstrated executive presence
  • Proven experience in direct, senior-level client and vendor engagement
  • Bachelor's/University degree required
Job Responsibility
Job Responsibility
  • Provide functional leadership for global Transaction Control, Corporate Action, and Product Reference Data teams
  • Deliver day-to-day leadership across APAC and EMEA regions, ensuring timely and accurate data provision to Middle Office and Fund Accounting teams for IBOR and ABOR NAV generation
  • Serve as a primary escalation point for the operations team, ensuring transparent and consistent communication across all operational groups
  • Monitor service level standards and provide senior management with comprehensive compliance reporting
  • Maintain an environment where processes and controls are rigorously monitored, and potential risks are escalated promptly
  • Drive productivity and scale across teams, developing and leading strategic plans, and securing necessary budgetary and resourcing support
  • Collaborate with implementation teams to ensure smooth client onboarding and seamless integration into fully automated, scalable operating models
  • Partner with Product, Technology, and Change teams to define and execute the roadmap for platform investment initiatives
  • Coordinate, execute, and report on initiatives designed to understand cost drivers and evaluate client profitability
  • Engage with Operations partners in Enterprise Reference Data teams to develop an end-to-end global target state operating model that maximizes efficiency, ensures resilience, and aligns with downstream NAV producing teams
What we offer
What we offer
  • Employer paid Defined Contribution Pension Plan contribution of 6% of employee's pensionable earnings (PPE Program)
  • Employer paid Private Medical Care Package for employees and Private Medical Care Packages for certain family members available at preferential rates
  • Employer paid Life Insurance Program for employees and Life Insurance for certain family members available at preferential rates
  • Employee Assistance Program financed by Employer
  • Paid Parental Leave Program (maternity and paternity leave
  • statutory and 2 weeks additional paid paternity leave)
  • Sport Card for employees subsidised via Social Benefits Fund and Sport Cards for certain family members available at preferential rates
  • Additional benefits from Company's Social Benefit Fund, in particular: Holidays Allowance, support for sport and cultural activities, team building events
  • Additional day off for volunteering
  • Cafeteria/ flex benefit – a company benefits system which enables employees to select and purchase benefits offered by a provider and available for employees on the platform
  • Fulltime
Read More
Arrow Right