Qureos

Security Officer

Requirements and responsibilities


Duties

  • Lead and oversee the organization’s information security and cybersecurity strategy, ensuring alignment with business and pre-IPO requirements.
  • Establish and maintain security governance frameworks, including reporting to executive leadership and board-level committees.
  • Develop, implement, and regularly update security policies and procedures (e.g., Information Security, Incident Response, Data Protection, Access Control, Business Continuity).
  • Conduct and maintain cyber risk assessments, risk registers, and mitigation plans aligned with recognized frameworks (ISO 27001, NIST, SOC 2).
  • Manage and continuously improve incident response and breach preparedness, including escalation procedures and regulatory notification processes.
  • Maintain records of historical security incidents, assess materiality, and support legal and disclosure readiness for IPO requirements.
  • Oversee identity and access management (IAM), ensuring proper controls such as MFA, RBAC, and user lifecycle management.
  • Ensure infrastructure and operational security, including asset management, patching, endpoint protection, backups, and disaster recovery planning.
  • Implement and enforce data protection and privacy practices, including data classification, encryption, retention, and regulatory compliance (e.g., GDPR, CCPA).
  • Collaborate with engineering teams to ensure secure application development practices, including SDLC security, code access controls, and vulnerability management.
  • Manage third-party and vendor security risks, including assessments, contracts, and ongoing monitoring.
  • Lead security awareness and training programs across the organization.
  • Coordinate internal and external audits, track remediation efforts, and drive continuous security improvements.
  • Ensure full IPO cybersecurity readiness, including risk disclosure, control validation, and investor communication support.

Technical Requirements

  • Strong experience in information security, cybersecurity, or IT risk management (typically 5+ years).
  • Deep understanding of security frameworks and standards such as ISO 27001, NIST CSF, and SOC 2.
  • Hands-on experience with:
    • Risk assessment and risk management methodologies
    • Incident response planning and execution
    • Identity and Access Management (IAM) systems and controls
    • Multi-Factor Authentication (MFA) and privileged access management
  • Knowledge of network, infrastructure, and cloud security principles.
  • Experience with:
    • Vulnerability management and penetration testing
    • Endpoint protection and monitoring tools
    • Backup and disaster recovery solutions (RTO/RPO)
  • Strong understanding of data protection and privacy regulations (e.g., GDPR, CCPA).
  • Familiarity with secure software development practices (Secure SDLC, SAST/DAST).
  • Experience managing third-party/vendor security risk and reviewing security controls (e.g., SOC reports).
  • Ability to produce and maintain security documentation, reports, and audit evidence.
  • Experience supporting compliance, audit, or IPO readiness activities is highly preferred.

Non-Technical Requirements

  • Excellent communication skills, with the ability to present cyber risks to executives and board members.
  • High level of integrity, confidentiality, and accountability.
  • Strong analytical and problem-solving capabilities.
  • Detail-oriented with strong organizational and documentation skills.
  • Ability to manage multiple priorities in a high-pressure, pre-IPO environment.
  • Proactive mindset focused on risk prevention and continuous improvement.
  • Experience in training, mentoring, and raising organizational security awareness.
