Reach

Reach is an ecommerce acceleration platform that helps online retailers expand into new markets and optimize cross-border transactions. With a Merchant of Record model, Reach enables businesses to save on processing fees, maximize conversions, and offe...

Internet Software & Services
51-250
Founded 2016
$24M raised

Description

  • Own the vulnerability management lifecycle end-to-end, including intake, triage, prioritization, risk acceptance, remediation tracking, and external penetration testing.
  • Manage the security operations program, including the MSSP relationship, SIEM and SOC monitoring, detections, playbooks, incident response, tabletop exercises, and post-incident reviews.
  • Define, maintain, and improve the company’s security policies, controls, and risk framework.
  • Own SOC 2 Type II and PCI DSS compliance, including continuous control monitoring, evidence collection, and auditor coordination.
  • Partner with engineering on secure SDLC practices, threat modeling, application security testing coverage, and cloud security posture.
  • Own identity and access management processes, including access reviews, privileged access, and joiner/mover/leaver workflows.
  • Run the vendor risk program and respond to customer and prospect security questionnaires and reviews.
  • Lead security awareness efforts, including phishing simulations, training, and company-wide education on emerging threats.
  • Provide regular executive updates on security posture, metrics, risks, and audit readiness.
  • Mentor the security team member and own the security budget and tooling lifecycle.

Requirements

  • 8+ years of experience in information security.
  • 3+ years leading a security program or a major security function.
  • Direct, end-to-end experience owning SOC 2 Type II audits.
  • PCI DSS experience strongly preferred.
  • Proven hands-on ownership of vulnerability management programs at scale.
  • Experience managing an MSSP/MDR relationship for SIEM and 24/7 SOC coverage.
  • Strong application and cloud security fundamentals with hands-on experience in AWS, GCP, or Azure.
  • Experience leading incident response end-to-end, including cross-functional coordination and external parties.
  • Experience writing and operationalizing security policies against frameworks such as NIST CSF, ISO 27001, or CIS Controls.
  • Excellent written and verbal communication skills for working with engineers, executives, auditors, and customers.
  • Comfort working as a player-coach in a lean environment with strong ownership and bias for action.
  • Experience in fintech, payments, or ecommerce, especially cross-border or merchant-of-record, is an asset.
  • Prior experience standing up or scaling a security program at a growth-stage company is an asset.
  • Familiarity with GRC or continuous compliance platforms such as Vanta, Drata, or Secureframe is an asset.
  • AWS experience is preferred, as AWS is Reach’s primary cloud; familiarity with Atlassian tools like Jira and Confluence is an asset.
  • Formal people-management experience is an asset.
  • Relevant certifications such as CISSP, CISM, or CCSP are an asset.

Benefits

  • Competitive compensation.
  • Flexible remote work.
  • Comprehensive benefits.
  • Opportunity to build and own a security function.
  • Direct impact on a global commerce platform.
  • Work/life balance with an emphasis on sustainability over constant intensity.
