Director of Security and Compliance

Summary

Join Backlight, a media management company working with major brands like Netflix and Spotify, as their Director of Security and Compliance. Lead and develop security strategies, overseeing all aspects of the security program. Ensure compliance with industry standards like SOC 2, manage security systems, and mitigate risks. Mentor the security team, conduct audits, and develop security training programs. Collaborate cross-functionally and report to senior leadership. This role requires extensive experience in security and compliance, relevant certifications, and strong leadership skills.

Requirements

• Relevant security certifications (e.g., CISSP, CISM)
• Bachelor’s degree in computer science, information security, or a related field
• 8+ years of experience in security and compliance roles, including 3+ years in a leadership capacity within a technology environment
• Expertise in managing SOC 2 compliance and corporate security systems, including tools like Crowdstrike, Orca, and Snyk
• Strong understanding of security frameworks and regulatory requirements (e.g., SOC 2, GDPR, ISO 27001)
• Exceptional project management and audit oversight skills
• Excellent communication and leadership abilities, with a collaborative and proactive approach

Responsibilities

• Develop and execute security strategies to protect company assets, data, and infrastructure while aligning with business objectives
• Oversee compliance with SOC 2 and other regulatory frameworks, managing end-to-end audit processes
• Mentor and grow the security and compliance team, including direct oversight of the Compliance Analyst, to scale security operations
• Lead the administration and optimization of security systems, such as Crowdstrike (endpoint security), Okta (identity and access management), Orca (cloud security), and application security tools (SAST, SCA, DAST)
• Assess and enhance the effectiveness of security tools, ensuring seamless integration across the infrastructure
• Conduct risk assessments, vulnerability testing, and penetration testing to identify and mitigate security risks
• Implement policies and procedures to address and minimize organizational risks
• Serve as the primary contact for SOC 2 and other industry-standard audits, ensuring readiness and managing audit processes
• Oversee customer and vendor security reviews, including due diligence questionnaires, with support from the Compliance Analyst
• Develop and deliver security training programs to promote awareness of security best practices and compliance
• Oversee policy creation, updates, and compliance tracking to foster a culture of security within the organization
• Partner with IT, product, and engineering teams to embed security controls throughout the software development lifecycle
• Provide regular updates to senior leadership on security posture, compliance initiatives, and risk management efforts