Job description
As our first dedicated InfoSec hire, you'll be the go-to person for securing our organization.
Responsibilities
### What you’ll do
- **AI Governance & Enablement** — Develop and maintain a practical framework for evaluating, approving, and securely deploying AI tools across the organization.
- **Vulnerability Management** — Own our vulnerability management program — scanning, triaging, coordinating remediation, and tracking resolution across infrastructure, applications, and endpoints.
- **Compliance** — Support and improve our compliance posture (SOC 2, ISO 27001), including evidence collection, control monitoring, and audit support.
- **Incident Response** — Lead security incident response — investigate alerts, coordinate containment, document root causes, and drive improvements.
- **Security Tooling** — Manage and tune security tooling (EDR, SIEM/logging, DLP, email security, identity and access management controls).
- **Vendor & Third-Party Risk** — Conduct security reviews of third-party vendors, SaaS integrations, and AI services — evaluating data handling, model training policies, and privacy commitments.
- **Policy & Standards** — Develop and maintain security policies, standards, and runbooks that are practical and right-sized for our environment.
- **Application Security Partnership** — Partner with Platform Security and Engineering on application security topics.
- **Security Awareness** — Drive security awareness initiatives — phishing simulations, training programs, AI literacy education, and ongoing guidance for the team.
- **Threat Intelligence** — Monitor and assess emerging threats (including AI-driven attack vectors).
Requirements
### Who you are
- 4+ years of experience in information security, cybersecurity, or a related technical discipline.
- A pragmatic, enabling mindset toward AI.
- Hands-on experience with compliance frameworks (SOC 2, ISO 27001).
- Strong knowledge of cloud security fundamentals (AWS, GCP, or similar).
- Experience with security tooling — EDR, SIEM, vulnerability scanners, DLP, and email security platforms.
- Solid understanding of incident response processes.
- Familiarity with SaaS environments and remote-first operations.
- Strong written communication skills.
- Self-starter mentality.
- Experience evaluating AI/ML tools for data privacy and security risks is a strong plus.
- Experience in vendor risk assessment and third-party security reviews.
- Security certifications (CISSP, CISM, CompTIA Security+, or similar) are a plus but not required.
Conditions
### What you'll get
- **Compensation & Benefits**: Starting salary for this role is $151,000 to $170,000 depending on experience.
- **Inclusive benefits package** that supports your well-being and growth, including 100% coverage of medical, dental, vision, mental health, and supplemental insurance premiums for you and your family.
- **16 weeks paid parental leave**.
- **Unlimited PTO**.
- **Stipends for remote work and wellness**.
- **Professional development budget**.