Careers
Haul Yeah!
Our team creates an efficient and service-based short haul solution with modern tools that improve the bottom line.
We work together to ensure that brokers, contractors, material suppliers and haulers have what they need to be more successful. We have respect for each other and trust in our ability to problem solve on behalf of our contractors. Our team wants to change the way users think about dump truck hauling, and we are committed to delivering on our brand promise to make hauling simple and smart. And we want to have fun while we do it…haul, yeah!
Lead Security and Compliance Officer
As the Lead Security & Compliance Officer at Iron Sheepdog, you won’t just be writing policies. You will be the definitive voice of security across our entire organization. Your primary objective will be to establish robust IT governance, spearhead our SOC II compliance efforts, and ensure we confidently pass enterprise-level financial and security audits. When you aren't leading compliance initiatives, you will act as a hands-on security engineer: partnering with our engineering team to elevate secure coding practices, fortifying our Firebase infrastructure, and ensuring our innovative AI integrations (like our chat-with-data bots) are resilient against prompt injection and other modern vulnerabilities. This role offers the exciting opportunity to take complete ownership of our security posture from the ground up.
Responsibilities
- Spearhead and manage the end-to-end process of achieving and maintaining SOC II compliance.
- Serve as the primary security liaison for enterprise clients, confidently answering complex security questionnaires and navigating financial audits.
- Create, enforce, and govern comprehensive IT and Information Security policies across the organization.
- Evaluate, manage, and optimize our IT Managed Service Provider (MSP) relationships, dictating how we best leverage them.
- Take ownership of company-wide security awareness training, building a culture of security.
- Act as a hands-on security engineer to review and improve secure coding practices across our React and Node.js codebase, ensuring the safety of our fintech workflows.
- Manage and monitor DevSecOps tools like Snyk to catch vulnerabilities early in the CI/CD pipeline.
- Conduct internal penetration tests, develop disaster recovery plans, and rigorously review Firebase/Firestore security rules.
- Design and execute vulnerability testing specifically for our AI features, running prompt injection tests against our LLMs and chat-bots to ensure data integrity.
Skills and Qualifications
- 5+ years of professional experience in Information Security, with a strong mix of compliance and application security.
- Proven, hands-on experience successfully leading a software company through a SOC II audit.
- Deep expertise in drafting and enforcing IT governance, security policies, and disaster recovery plans.
- Experience responding to enterprise vendor security questionnaires and interacting directly with client security teams.
- Experience configuring and managing security scanning tools (e.g., Snyk, SonarQube).
- Familiarity with cloud security, preferably within the Google Cloud Platform (GCP) and Firebase ecosystem.
- Strong communication and leadership skills, with the ability to translate complex security requirements into actionable tasks for a lean engineering team.
- Ability to take initiative, work independently, and own the security roadmap in a fully remote environment.
Additional Skills are a Bonus
- Experience with AI security concepts, including defending against prompt injections and securing LLM architectures.
- Experience managing or migrating IT Managed Service Providers (MSPs) and MDM solutions.
- Background in Fintech security, specifically concerning payment gateways, escrow logic, or anti-fraud measures.
- Certifications such as CISSP, CISM, or Certified DevSecOps Professional (CDP).
- Solid understanding of modern web application architecture (React, Node.js) and secure coding principles (OWASP Top 10).
- Practical experience conducting network or application-level penetration testing.
Why Iron Sheepdog?
- Transform a Legacy Industry: Be part of a team that is revolutionizing the massive, essential short-haul trucking industry. We’re creating a tech-enabled future that addresses the entire construction materials supply chain.
- The Iron Sheepdog Standard: Experience a unique business model where industry-leading software is backed by a relentless commitment to personal service and operational excellence.
- High-Growth Environment: Experience the thrill of a scaling startup where your contributions are essential to our collective success.
- Innovation at the Core: Join a company that values "what’s next," where we use technology to solve real-world problems for hard-working people.
- Take absolute ownership of our security and compliance posture, making a highly visible impact on the company’s ability to close enterprise deals.
- Enjoy the flexibility of a fully remote work environment where innovation, intensity, and integrity are highly valued.
- Work closely with a talented and passionate engineering team that is excited to learn and implement your security best practices.
- Opportunity to grow your skills and define the security roadmap for our technology stack, ensuring we scale safely.
Total Rewards Package:
Iron Sheepdog is committed to offering a competitive compensation and benefits package that includes salary, bonus, 401k, healthcare, dental, paid time off and much more.
Equal Opportunity Employer:
Iron Sheepdog is an equal opportunity employer and prohibits discrimination against any candidate.
