Close

Security & Trust Lead (USA Only - 100% Remote)

Close$120K — $150K *
US-AnywhereRemote in United States
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of experience leading Security & Trust programs specifically in a 50-300 person company.
  • Technical proficiency in SSO/IAM configurations and data flow management.
  • Strong automation mindset with a focus on efficiency through scripts, APIs, and AI usage.
  • Proactive and positive attitude towards integrating AI in security practices.
  • Experience in managing security frameworks and compliance, such as SOC 2, ISO 27001, or HIPAA.

Responsibilities

  • Run and automate the Governance, Risk, and Compliance (GRC) program.
  • Audit customer data movement and implement processes for data deletion requests.
  • Evaluate and manage new vendor security reviews efficiently.
  • Develop best-in-class communication resources for customer security information.
  • Coordinate product security audits with Engineering and ensure necessary artifacts are produced.
  • Conduct investigations and incident response for security breaches.
  • Manage identity and device security protocols, including SSO and access reviews.

Benefits

  • Competitive pay plus organization-wide bonus based on goals.
  • Approximately 5 weeks of PTO to start, with additional days for each year of service.
  • Flexibility to choose a 4-day work week at 80% pay or standard 5-day week.
  • Paid parental leave for primary and secondary caregivers.
  • One month paid sabbatical every five years of service.
  • Comprehensive healthcare options with Close covering 99% of premiums.
  • 401k matching up to 6% from the first day of employment.
Full Job Description
About the Role

We have 11k+ customers, which means we have a lot of data in our care. Earning and keeping their trust - rigorous security and privacy practices, plus the compliance and audit work that verifies it to customers - has so far been spread across engineering leadership, our founders, and our ops team. It's high time this had a real owner.

You'll be the first person at Close whose full-time job is protecting our customers' data and our company: GRC (security governance, risk, and compliance), internal security (identity, devices, access, vendors), incidents, and the customer-facing resources that prove we do this well. Your mandate is to build this like an engineer - automate the evidence, codify the processes, use AI aggressively. We recommend giving grc.engineering a read; this is the mentality we're hiring for.

You are
  • A hands-on operator, with 5+ years of building Security & Trust programs. You've personally run security and compliance programs, ideally at a 50-300 person company. You've been the one configuring SSO, running access reviews, answering the SOC 2 auditor's questions.
  • Technical enough to know how our systems work. You can reason about SSO/IAM configuration details, trace how customer data flows through third-party tools, and dig through logs (e.g., in Loki) to run down an incident yourself.
  • Automation and efficiency minded. You'll happily grind through manual work when it's needed - screenshotting evidence, searching logs - but you refuse to still be doing it by hand a year later, so you automate it away with scripts, APIs, and AI.
  • AI-positive. You see AI as something to help us adopt faster, not just a risk to manage. Your instinct is to find the safe path to yes and you can tell the difference between exposure and vibes.
You will
  • Run our GRC program - then automate it. Vanta day to day (controls, policies, alerts, evidence, vendor reviews), leading our SOC 2 Type 2 audits, annual risk assessments, and evaluating additional frameworks (ISO 27001, HIPAA). Wherever a recurring check, evidence pull, or list (like our GDPR subprocessors) can come from code or an API instead of by hand, make it so.
  • Own how customer data moves through our stack. Audit what flows to third-party tools (and stop what shouldn't), and build a real process for deletion requests across our analytics stack.
  • Be the security gate for new tools and vendors. Confirm SOC 2 status, get the DPA signed, add them in Vanta, update the subprocessor list - with a process that lets the team adopt new tools (AI especially) quickly and safely. Procurement and spend stay with finance/ops; the security and privacy review is yours.
  • Make Close best-in-class at communicating trustworthiness. Own trust.close.com and our security/privacy/GDPR pages, and turn them into the place where customers' security questions can answer themselves.
  • Coordinate product security audits. Run pen tests and audits of our product jointly with Engineering - vendor selection, scoping, and the artifacts we need for customers and partners (e.g., Google OAuth restricted scopes). Engineering fixes what's found; you make sure the audits happen and produce what we need.
  • Investigate and clean up security incidents. When something looks off, you're the one who digs in to run it down and contain it - work that currently falls to Engineering by default.
  • Own our identity and device security. SSO/IAM strategy and configuration, MDM across the fleet, the security side of onboarding/offboarding, and regular access reviews so no one keeps a key they shouldn't. You make the call on where we require SSO and what we'll pay for it.
  • Run our employee security program. Training people actually remember, phishing simulations to keep us honest, and ongoing monitoring (e.g., 1Password Watchtower) with follow-through.
What this role is not
  • Product or application security engineering. You'll coordinate audits of our product and drive incident investigations, but you won't ship code to our product, own its architecture, or be responsible for implementing fixes - that belongs to our engineering org.
  • Infrastructure. Our AWS and production infrastructure belong to our DevOps/SRE team. Where your work touches production, you drive the investigation; engineering implements what needs production access.
  • Legal. Privacy policy, DPAs, and legal interpretation of GDPR/CCPA will sit with our legal function. You own the operational side and partner closely with them.
  • Only IT support. You'll help with the occasional IT request - it comes with owning devices, identity, and tooling - but it's a small slice of the job, and you'll automate the routine parts. If helpdesk work is the whole of your background, this isn't the fit.
Benefits
  • Compensation: Competitive pay plus an organization-wide goal-based bonus
  • Paid Time Off: ~5 weeks of PTO to start. Plus a 1-week all-company Winter Holiday Break and paid US holidays. You'll earn 2 extra days for every year you're with Close.
  • 80% Work Option: Work with your manager to choose between a standard 5-day week or a 4-day week at 80% pay
  • Parental Leave: Paid leave for primary and secondary caregivers
  • Sabbatical: A 1-month paid sabbatical every 5 years with the team
  • Healthcare (US residents): Two medical plans with Close covering 99% of your premium, plus Dental, Vision, HSA, FSA, and company-paid Long-Term Disability
  • 401k (US residents): We match your contributions up to 6%, vested immediately

About Close

Close is a sales CRM for startups and SMBs. The platform helps businesses manage their sales process by providing a suite of tools for lead management, email marketing, and reporting. Close was founded in 2013 by Steli Efti, Nick Persico, and Anthony Nemitz.
Learn more about Close
Size
100 employees
Industry

Similar Jobs

More Jobs at Close

More Information Technology Jobs

Find similar Security & Trust Lead (USA Only - 100% Remote) jobs: