Careers

Haul Yeah! 

Our team creates an efficient and service-based short haul solution with modern tools that improve the bottom line.

We work together to ensure that brokers, contractors, material suppliers and haulers have what they need to be more successful. We have respect for each other and trust in our ability to problem solve on behalf of our contractors. Our team wants to change the way users think about the dump truck hauling and we are committed to deliver on our brand promise to make hauling simple and smart. And we want to have fun while we do it…haul, yeah!

Lead Information Security & Compliance Specialist

Job Description

Location: Remote, with a preference for candidates within ~2 hours' drive of Williamsburg, VA (nice-to-have, for periodic on-site audit and consensus work).

We are seeking a highly skilled Lead Information Security & Compliance Specialist to spearhead our security initiatives and governance frameworks. In this role, you will bridge the gap between high-level compliance and hands-on technical security engineering. You will manage our compliance pipelines, protect our fintech workflows, and champion a security-first culture across our entire organization.

If you are a proactive security professional who thrives in SaaS environments and loves securing cutting-edge tech ecosystems (including cloud, mobile, and AI), we want to hear from you.

Key Responsibilities

  • Compliance Leadership: Lead and manage the end-to-end process of achieving and maintaining our SOC 2 compliance.
  • Policy & Governance: Create, enforce, and govern comprehensive IT and Information Security policies across the entire organization.
  • Client Security Liaison: Serve as the primary security liaison for enterprise clients, confidently answering complex security questionnaires and navigating financial audits.
  • Vendor Management: Interface directly with client security teams, respond to vendor security questionnaires, and optimize our IT Managed Service Provider (MSP) relationships to dictate how we best leverage them.
  • Security Engineering: Act as a hands-on security engineer to review and improve secure coding practices across our React and Node.js codebase, ensuring the safety of our fintech workflows.
  • Vulnerability & DevSecOps Management: Manage and monitor DevSecOps tools like Snyk to catch vulnerabilities early in the CI/CD pipeline.
  • Testing & Infrastructure Security: Conduct internal penetration tests, review Firebase/Firestore security rules, and rigorously develop disaster recovery plans.
  • AI Security Implementation: Design and execute vulnerability testing specifically for our AI features, running prompt injection tests against our LLMs and chat-bots to ensure data integrity.
  • Security Culture: Take full ownership of company-wide security awareness training, actively building an internal culture of vigilance and security awareness.

Job Requirements & Skills

Core Requirements (Must Have)

  • SOC 2 Expertise: Experience managing/leading the end-to-end process of achieving and maintaining SOC 2 compliance, OR comparable/translatable audit and compliance frameworks (e.g., ISO 27001, HIPAA, PCI-DSS). — Recent experience preferred; minimum 5 years; multiple audits/renewals preferred.
  • SaaS & Industry Background: A proven background working within SaaS environments, with a strong preference for candidates experienced in logistics, supply chain, or short-haul trucking platforms (specifically dealing with truck routing and fleet dispatch).
  • Enterprise Experience: Proven experience serving as a primary security contact for medium to large enterprises.
  • Ecosystem Exposure: Strong exposure to secure processes for diverse, interconnected ecosystems across web, mobile, cloud infrastructure, and APIs.

These are valued pluses, not core requirements. This role is process- and compliance-led; deep hands-on software-security engineering is a bonus and not expected day one.

Technical & Next-Level Requirements

  • Codebase Security: Ability to work hands-on with React and Node.js codebases to implement secure coding practices.
  • Tooling & Testing: Direct experience with DevSecOps tools (e.g., Snyk), CI/CD pipelines, internal penetration testing, and Firestore/Firebase security rule governance.
  • AI Vulnerability Testing: Experience or strong capability in running prompt injection tests and securing LLM-powered chatbots.

Nice to Have (Bonus Points)

  • Familiarity with cloud security, preferably within the Google Cloud Platform (GCP) and Firebase ecosystem.
  • Familiarity with modern AI security frameworks, including protecting custom AI models and securing Model Context Protocol (MCP) servers.

Success in this role means that security is seamlessly integrated into our engineering and business operations, culminating in a state where the entire company becomes thoroughly aware of the importance of security throughout everything we do.

Why Iron Sheepdog?

  • Transform a Legacy Industry: Be part of a team that is revolutionizing the massive, essential short-haul trucking industry. We’re creating an tech enabled future that addresses the entire construction materials supply chain.
  • The Iron Sheepdog Standard: Experience a unique business model where industry-leading software is backed by a relentless commitment to personal service and operational excellence.
  • High-Growth Environment: Experience the thrill of a scaling startup where your contributions are essential to our collective success.
  • Innovation at the Core: Join a company that values "what’s next," where we use technology to solve real-world problems for hard-working people.

Total Rewards Package

Iron Sheepdog is committed to offer a competitive compensation and benefits package to include salary, bonus, 401k, healthcare, dental, and PTO.

Equal Opportunity Employer

Iron Sheepdog is an equal opportunity employer and prohibits discrimination against all candidates.