Lead IT Security Engineer

ZOE

πŸ“Remote - United Kingdom

Summary

Join ZOE, a leading science and nutrition company, as their Lead IT Security Engineer. This crucial role is the first dedicated IT security position, offering the opportunity to build and implement the company's security strategy from the ground up. You will be responsible for shaping and implementing a comprehensive IT security roadmap, driving security programs, assessing and mitigating risks, developing and enforcing security policies, and fostering a security-first culture. The position requires extensive experience in corporate IT security and a strong understanding of various security domains. ZOE offers a competitive compensation package including base pay and stock options, along with a comprehensive benefits package designed to support employee well-being and professional growth.

Requirements

  • Extensive experience in corporate IT security, cybersecurity, or information security, ideally in a fast-paced, SaaS-based and cloud-based environment
  • Proven ability to design, implement, and own security strategies independently
  • Strong understanding of network security and device management (Mac, Chromebook, or other)
  • Awareness of cloud security practices (AWS, GCP, or Azure)
  • Hands-on expertise in incident response, vulnerability management, endpoint protection (e.g., EDR), and security operations (logging, SIEM)
  • Deep knowledge of security industry best practices and data privacy regulations (GDPR, DPA, CCPA)
  • Ability to communicate security risks and concepts effectively to both technical and non-technical stakeholders, and work autonomously on big initiatives
  • A proactive, problem-solving mindset: comfortable tackling complex issues like domain migrations, privileged access reviews, and DLP rollout in a single role

Responsibilities

  • Shape and implement a comprehensive IT security roadmap that aligns with ZOE's business goals, covering everything from endpoint security and identity/access management to DLP (Data Loss Prevention) and logging/monitoring
  • Drive security programs around OS and application patch management, disk encryption, and local admin privilege management, ensuring corporate devices and contractor/BYOD setups meet compliance and security standards
  • Assess, mitigate, and manage security risks across our SaaS ecosystem (over 100 apps), corporate IT systems, and infrastructure. Lead projects such as domain registration migrations, centralised logging/SIEM setup, and endpoint protection rollouts
  • Develop and enforce security policies and frameworks, covering identity and access management, incident response, vendor security reviews, and data handling
  • Drive automation and adopt Infrastructure-as-Code (IaC) patterns to ensure security controls and configurations are repeatable, consistent, and easily deployed across our endpoints and cloud resources
  • Lead security compliance efforts in partnership with the Legal team, and provide technical guidance to the organisation on data privacy regulations (GDPR, DPA, CCPA etc.)
  • Monitor, investigate, and respond to security incidents, performing root cause analysis, implementing proactive measures, and taking the lead on responding to IT security incidents
  • Cultivate a security-first culture by delivering ongoing training (e.g., phishing simulations, secure practices) and collaborating with teams on secure SaaS configuration
  • Evaluate, select, and deploy security tools and technologies (e.g., EDR, MDM solutions), balancing strong security posture with user experience
  • Own privileged access reviews and work with stakeholders to enforce least privilege across critical applications and data
  • Stay ahead of evolving security threats and trends, continuously improving our security capabilities and processes

Preferred Qualifications

Experience working in a remote, international team is a plus

Benefits

  • Base pay and stock options
  • Competitive health insurance and wellness packages
  • Inclusive parental policies
  • Tailored professional development programs
