2 months ago
Remote, United States or Toronto, CanadaSenior
Responsibilities
- Own and evolve Overstory’s compliance program with SOC 2 and ISO 27001.
- Drive end-to-end vulnerability management from detection to remediation.
- Design and improve security processes across infrastructure and applications.
- Lead security input in architecture and engineering decisions.
- Oversee identity and access management and endpoint security.
- Manage vendor security and third-party risk assessments.
- Lead audit readiness for SOC 2 and ISO 27001.
- Partner with customer-facing teams on security questionnaires.
- Contribute to security awareness and culture within the organization.
Requirements
- 5+ years of experience in security engineering or related fields.
- Direct experience with SOC 2 and ISO 27001 compliance frameworks.
- Deep experience in vulnerability management and remediation workflows.
- Fluency in cloud environments like AWS, GCP, or Azure.
- Experience with identity and access management and IT security operations.
- Ability to translate security risks into actionable guidance.
- Interest in leveraging AI tooling for business impact.
- Strong written communication skills for documentation.
- Proactive mindset balancing security best practices with business needs.
- Experience working cross-functionally in a remote-first environment.
Benefits
- Competitive, location-specific compensation and benefits.
- Flexible, autonomous working environment.
- Home office stipend and ongoing education budgets.
- A company culture that embodies core values.
- Opportunity to work on mission-driven projects addressing climate change.