Security & Compliance Lead

United States, New York · 150000.00 - 225000.00 USD / Year · Job Posted June 16, 2026

Job Description

We're a fast-growing startup with a small but talented engineering team, and we're hiring our first Security & Compliance Lead to build the foundation for our security program. This is a high-ownership, high-autonomy role with a broad mandate: you'll own the security and compliance surface end-to-end, from access management and SOC 2 to infrastructure security and customer trust. You'll report to the CTO with full ownership of the security and compliance domain. In year one, the work skews toward access management, SOC 2, and customer-facing security. Over time, the role grows into broader security engineering: monitoring, incident response, vendor risk, and architecture review. If you've built a security program from scratch before and liked it, you'll recognize this job. If you want to build something from the ground up rather than slot into an existing program, read on.

Job Responsibility

  • Access & identity management (Production access, service accounts, SSO, and the lifecycle of both - provisioning, periodic review, deprovisioning)
  • SOC 2 (own the program end-to-end, mapping controls to our environment, driving evidence collection, and getting us through Type 1 and then Type 2 and other security frameworks)
  • Customer trust (own security questionnaires, RFP security sections, and the customer-facing trust narrative - trust center, security overview docs, DPAs)
  • Infrastructure security (VM lifecycle and patching, baseline hardening, secrets management, vulnerability management, and cloud security posture)
  • Security engineering over time (logging and monitoring, incident response runbooks, vendor security reviews, and partnering with engineering on secure design)

Requirements

  • 5+ years in security or security-adjacent roles
  • You've driven a SOC 2 audit - ideally owned one end-to-end, but if you ran the bulk of a program under a fractional CISO or security leader, that counts
  • Comfortable in cloud environments (AWS, GCP, or Azure) and writing enough code or Terraform to automate access and infrastructure workflows
  • You've owned customer security questionnaires and know how to make them faster
  • Strong written communication

Nice to have

  • A previous tour as the first or early security hire at a startup
  • Experience with identity tooling (Okta, AWS IAM Identity Center, Teleport, ConductorOne)
  • Experience with compliance platforms (Vanta, Drata, Secureframe)
  • Other frameworks beyond SOC 2 (ISO 27001, HIPAA, FedRAMP)
  • Background in security engineering, detection, or incident response

Similar Jobs for Security & Compliance Lead

8 matching positions

IT Security & Compliance Lead (Healthcare) - Administration

Premium Health’s Information Technology (IT) department is based in our Administ...
Location: United States, Brooklyn
Salary: Not provided
Premium Health
Expiration Date: Until further notice
Requirements
  • 5+ years of experience in IT security, compliance, or risk management
  • Experience in healthcare or regulated environments (HIPAA strongly preferred)
  • Experience managing or supporting security programs, audits, and compliance initiatives
  • Strong understanding of identity and access management, vendor risk, and security controls
  • Ability to work cross-functionally and translate security requirements into practical processes
  • Hands-on experience administering or supporting security technologies and operational controls, including areas such as identity and access management, endpoint protection, email security, MFA/conditional access, DLP, or SaaS security administration
Job Responsibility
  • Own and operate the organization's security program, ensuring policies, procedures, and controls are consistently implemented
  • Maintain and update security policies, standards, and procedures
  • Ensure alignment with regulatory and organizational requirements
  • Support ongoing maturation of the organization's security posture and controls framework, including alignment with industry-standard practices such as NIST
  • Stay current on emerging cybersecurity threats, vulnerabilities, technologies, AI-related risks, and evolving industry best practices
  • Administer and support security technologies and operational controls across the environment, including email security, endpoint protection, identity and access management, MFA, conditional access, DLP, and firewall/security platforms
  • Configure, tune, monitor, and maintain security rules, alerts, policies, and protections across Microsoft 365, SaaS, endpoint, and network security platforms
  • Support email security administration, including phishing protection, impersonation protection, quarantine management, and coordination of SPF/DKIM/DMARC-related controls
  • Coordinate and manage phishing simulations, user remediation, and security awareness follow-up activities
  • Support SaaS application governance and review of third-party application access, permissions, and security risks
What we offer
  • Paid time Off
  • Medical
  • Dental and Vision plans
  • Retirement plans
  • Public Service Loan Forgiveness (PSLF)
  • Fulltime

Cyber Security Compliance Tech. Lead

Conduct regular cybersecurity assessments and audits for Vodafone Cash and other...
Location: Egypt, Giza
Salary: Not provided
Vodafone
Expiration Date: Until further notice
Requirements
  • Certifications in cybersecurity (e.g., CISSP, CISM, CISA, ISO27001)
  • Very good knowledge of PCI DSS
  • At least 2 years of experience in the fintech industry, with a focus on mobile money services
  • Knowledge of specific fintech products and services, including mobile wallets and payment systems
  • Reporting & project management skills are a plus
  • Good grasp of mobile network security and vulnerabilities
  • Bachelor’s degree in engineering, or computer science
  • Strong understanding of cybersecurity frameworks and standards (e.g., ISO 27001, PCI-DSS, NIST Cybersecurity Framework)
  • In-depth knowledge of cybersecurity threats, vulnerabilities, and countermeasures
  • Proficiency in cybersecurity tools and technologies
Job Responsibility
  • Conduct regular cybersecurity assessments and audits for Vodafone Cash and other fintech products
  • Develop and implement cybersecurity policies, procedures, and controls specific to mobile money services
  • Monitor and report on cybersecurity metrics and KPIs for Vodafone Cash and other fintech products
  • Risk Management for cash & fintech products
  • Identify, assess, and mitigate cybersecurity risks associated with Vodafone Cash and other fintech products
  • Develop and implement cybersecurity risk management frameworks and strategies
  • Conduct threat and vulnerability assessments for Vodafone Cash and other fintech products
  • Ensure the implementation of data protection measures, including data encryption, access controls, and data loss prevention
  • Assess the cybersecurity posture of third-party vendors and partners involved in Vodafone Cash and other fintech products
  • Follow up on cybersecurity risks associated with third-party relationships
  • Fulltime

Data Governance, Compliance and Security Lead

Over the past 12 months, AO has seen incredible growth, and with ambitious plans...
Location: United Kingdom, Bolton
Salary: Not provided
AO
Expiration Date: Until further notice
Requirements
  • Lead the charge on defining and delivering AO’s Data Governance, Security & Compliance strategies
  • Own the roadmap and drive the projects that bring your strategy to life
  • Get stuck in—implementing standards, tools and third-party tech
  • Take ownership of audit points, risk registers and security requirements for the Data team
  • Solve problems with impact—propose and deliver solutions to close audit gaps
  • Build the model—create and roll out our operating framework across Tech and the wider business
  • Shape the conversation—chair the Data Governance Board
  • Set the standard—define data processes, best practices and design patterns
  • Drive awareness—lead literacy initiatives to embed governance, security and compliance
  • Influence at every level—build strong relationships with senior leaders, stakeholders and teams
Job Responsibility
  • Take the lead on shaping and delivering our group-wide approach to Data Security, Compliance and Governance
  • Build something from the ground up
  • Bring together strategy, stakeholders and solutions under one roof
  • Define the roadmap, deliver the solutions, and make the case for scaling the team
  • Embed best practice into our 24/7 operations and every change project
  • Work closely with other Data leads and partner with teams across AO
  • Manage a portfolio of projects that improve how we govern data
  • Engage with stakeholders, vendors and third parties to keep our data capabilities sharp and scalable
What we offer
  • 25 days holiday plus bank holidays (increasing to 27 days after 2 years)
  • Pension: Contribute 5% of annual salary and we'll do the same
  • Be a VIP at the AO Arena (opportunities to win free tickets and pre-sale access)
  • Health & wellbeing: discounted gym membership, onsite spa, Help @ Hand scheme (virtual GPs, Mental Health support)
  • Discounts: exclusive discounts across our product range
  • Family leave: Enhanced Maternity, Paternity and Adoption leave
  • 2 fully paid days a year to donate time to any charity
  • On site perks: free on site parking, complimentary breakfast, subsidised in house coffee shop
  • Fulltime

Security and Compliance Lead

We’re on the hunt for a hands-on, sharp-thinking Security & Compliance Lead to l...
Salary: 110000.00 - 120000.00 USD / Year
Corporate Tools
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or equivalent experience in security and compliance
  • 5+ years in security, compliance, or audit roles within IT infrastructure or data centers
  • Demonstrable experience managing SOC 2, ISO 27001, PCI DSS, HIPAA, or GDPR compliance
  • Hands‑on familiarity with physical security systems like CCTV, badge control, biometric access, and alarms
  • Deep knowledge of SIEM systems, incident response frameworks, and risk assessment methodologies
  • Comfortable with networking/physical infrastructure concepts: VLANs, firewalls, environmental sensors, racks
  • A great human
  • Strong leadership and interpersonal skills
  • A person who gets things done themselves with or without a team
Job Responsibility
  • Develop and maintain security policies, standards, and baseline configurations for the data center
  • Enhance layered physical security systems, including CCTV, badge readers, biometrics, and intrusion alarms
  • Manage 24/7 access controls, including visitor management, staff clearances, badge systems, and vendor accreditation
  • Lead risk assessments (e.g., FMEA, threat modeling), identify vulnerabilities, and recommend remediation
  • Ensure compliance with standards like SOC 2, ISO 27001, and PCI DSS
  • Coordinate audits and maintain audit-ready documentation
  • Serve as Incident Commander or key responder for physical breaches, alarms, or policy violations
  • Lead investigations and reporting
  • Maintain and improve incident response playbooks
  • Train staff on protocols and best practices
What we offer
  • 100% employer-paid medical, dental and vision for employees
  • Annual review with raise option
  • 22 days Paid Time Off accrued annually, and 4 holidays
  • After 3 years, PTO increases to 29 days. Employees transition to flexible time off after 5 years with the company—not accrued, not capped, take time off when you want
  • The 4 holidays are: New Year’s Day, Fourth of July, Thanksgiving, and Christmas Day
  • Paid Parental Leave
  • Up to 6% company matching 401(k) with no vesting period
  • Quarterly allowance
  • Use to make your remote work set up more comfortable, for continuing education classes, a plant for your desk, coffee for your coworker, a massage for yourself... really, whatever
  • Open concept office with friendly coworkers

Data Security Governance and Compliance Lead

Barclays is seeking a Data Security Governance & Compliance Lead to provide lead...
Location: United Kingdom, Knutsford
Salary: Not provided
Barclays
Expiration Date: Until further notice
Requirements
  • Data Security Governance & Policy Leadership - Proven ability to define, own, and enforce enterprise‑wide data security policies, standards, and governance frameworks in a regulated environment, covering areas such as data classification, DLP, encryption, and access controls.
  • Regulatory & Risk Management Expertise - Deep understanding of data protection and security regulations (e.g. GDPR, banking regulatory standards) and the ability to demonstrate compliance through robust governance, metrics, and audit or regulator engagement.
  • Senior Stakeholder Influence & Leadership - Strong capability to influence senior executives and cross‑functional leaders (CISO, CDO, CTO, Privacy, Operations) and lead teams within a global, matrixed organisation, without relying solely on direct authority.
Job Responsibility
  • Collaboration with stakeholders to understand their security requirements in business processes and IT projects, to enhance overall risk management.
  • Execution of risk assessments to identify and prioritise potential cybersecurity threats that could impact the bank's operations and data and guide the implementation of mitigation strategies and communicate findings to relevant senior stakeholders.
  • Collaboration with business units to develop and implement security policies and procedures for the bank's operations aligned to the risk management framework.
  • Management of the implementation, testing and monitoring of security controls across the bank's IT systems to ensure the effectiveness of controls and mitigation of risk.
  • Execution of training content and sessions to educate employees, enhance cybersecurity awareness and provide guidance on safe online practices.
  • Management of complex cybersecurity incidents by collaborating with IT teams and response experts to effectively resolve cases through analysis, expertise support and project supervision.
  • Identification of emerging cybersecurity trends, threats, and new technologies to address potential risks by advocating the adoption of new security solutions.
What we offer
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
  • Fulltime

Lead Analyst, Information Security Governance & Compliance

Beacon Hill Technologies is partnering with a client to identify a Lead Analyst,...
Location: United States, Boca Raton
Salary: Not provided
Beacon Hill
Expiration Date: Until further notice
Requirements
  • Practical, working knowledge of audit and assurance concepts and terminology
  • Experience supporting both internal and external audits
  • Ability to evaluate the quality and sufficiency of audit evidence
  • Strong attention to documentation, traceability, and control effectiveness
  • Prior experience in information security governance, compliance, or risk management
  • Demonstrated ability to lead work while remaining directly involved in execution
  • Clear communication skills, particularly when explaining audit or compliance topics
  • Bachelor’s degree in Information Security, Risk Management, or a related discipline
  • 7+ years of experience in governance, risk, and compliance or information security roles
  • Familiarity with security and control frameworks such as NIST or ISO
Job Responsibility
  • Support and guide audit, compliance, and risk activities within the information security organization
  • Ensure audit readiness
  • Coordinate audit responses
  • Validate the quality and completeness of evidence

Industrial Security Lead – Installation Security and Program Protection

Location: United States, Huntsville
Salary: Not provided
Astrion
Expiration Date: Until further notice
Requirements
  • 10+ years of experience supporting DoD, USSF, USAF, or related federal organizations in industrial security, program protection, acquisition security, or mission assurance roles
  • BA or BS degree
  • Equivalent experience may be substituted for education requirements
  • Active DoD TS/SCI clearance with current investigation
  • Experience supporting classified programs and secure facility operations in accordance with DoD and IC security requirements
  • Knowledge of Program Protection Planning (PPP), Critical Program Information (CPI), base level security, and acquisition security processes
  • Experience supporting base-level or installation security operations, including personnel security, physical security, and classified material control
  • Familiarity with DoDI 5200.39, DoDI 5200.44, DoDM 5200.01 Volumes 1–4, NISPOM, and related security directives
  • Experience coordinating with government program offices, contractors, security managers, and engineering teams
  • Strong organizational, analytical, and communication skills with attention to detail
Job Responsibility
  • Support industrial security, program protection, and mission assurance activities for critical defense and space acquisition programs
  • Develop, review, and maintain Security Classification Guides (SCGs) in accordance with DoD policies and directives
  • Evaluate acquisition documentation with program security and Critical Program Information (CPI) protection requirements
  • Coordinate with government and contractor stakeholders to identify and mitigate risks to mission systems, technologies, and sensitive information
  • Support base-level security operations including personnel security, classified visit coordination, secure facility compliance, and physical security requirements
  • Conduct security assessments, contractor site visits, and compliance reviews to evaluate implementation of security controls and protection measures
  • Support System Security Working Groups (SSWG), program reviews, and acquisition security meetings through coordination, documentation, and action tracking
  • Analyze evolving threats, policy updates, and security directives to determine impacts to acquisition and mission systems
  • Develop written assessments, executive briefings, and security recommendations for program leadership and government customers
  • Maintain security documentation repositories, tracking matrices, and reporting tools supporting enterprise mission assurance and program protection efforts
What we offer
  • Competitive salaries
  • Continuing education assistance
  • Professional development
  • Multiple healthcare benefits package options
  • 401K with employer matching
  • Competitive time off policy along with a federally recognized holiday schedule
  • Fulltime

Security Lead – Cloud & IT Security

HPE Operations is our innovative IT services organization. It provides the exper...
Location: India, Bangalore
Salary: Not provided
Hewlett Packard Enterprise
Expiration Date: Until further notice
Requirements
  • Bachelor's or Master's degree in Computer Science, Information Security, or related field
  • Minimum 10 years in IT security
  • At least 5 years in a leadership role
  • Proven track record in deploying and managing enterprise firewalls (e.g., Palo Alto, Fortinet, Check Point)
  • Strong knowledge of cloud security for AWS, Azure, and/or Google Cloud
  • Experience with DDoS mitigation solutions (e.g., Cloudflare, Akamai, AWS Shield)
  • Experience with Burp Suite
  • Hands-on knowledge of SIEM, SOAR, EDR, and vulnerability management tools
  • Strong analytical thinking
  • Problem-solving ability
Job Responsibility
  • Develop and maintain the organization's IT security roadmap aligned with cloud and enterprise infrastructure
  • Lead security design reviews for new systems, services, and cloud deployments
  • Deploy, configure, and manage network security appliances including next-generation firewalls, IDS/IPS, and web application firewalls
  • Implement and maintain cybersecurity protocols, including endpoint protection, identity management, and access control policies
  • Design and operate DDoS protection mechanisms to ensure availability of critical systems
  • Implement and enforce security measures in public, private, and sovereign cloud environments
  • Monitor and audit cloud configurations to ensure compliance with industry standards (ISO 27001, NIST, CIS, etc.)
  • Lead threat modeling, risk assessment, and vulnerability management initiatives
  • Oversee incident detection, response, and recovery processes to minimize business impact
  • Ensure adherence to regulatory and compliance requirements such as GDPR, HIPAA, PCI-DSS
What we offer
  • Health & Wellbeing benefits
  • Personal & Professional Development programs
  • Unconditional Inclusion environment
  • Comprehensive suite of benefits supporting physical, financial and emotional wellbeing
  • Fulltime