Reach

Reach is an ecommerce acceleration platform that helps online retailers expand into new markets and optimize cross-border transactions. With a Merchant of Record model, Reach enables businesses to save on processing fees, maximize conversions, and offe...

Internet Software & Services
51-250
Founded 2016
$24M raised

Description

  • Own the vulnerability management lifecycle end-to-end, including intake, triage, prioritization, risk acceptance, remediation tracking, and external penetration testing.
  • Manage the security operations program, including the MSSP relationship, SIEM and SOC monitoring, detections, playbooks, incident response, tabletop exercises, and post-incident reviews.
  • Define, maintain, and improve the company’s security policies, controls, and risk framework.
  • Own SOC 2 Type II and PCI DSS compliance, including continuous control monitoring, evidence collection, and auditor coordination.
  • Partner with engineering on secure SDLC practices, threat modeling, application security testing coverage, and cloud security posture.
  • Own identity and access management processes, including access reviews, privileged access, and joiner/mover/leaver workflows.
  • Run the vendor risk program and respond to customer and prospect security questionnaires and reviews.
  • Lead security awareness efforts, including phishing simulations, training, and company-wide education on emerging threats.
  • Provide regular executive updates on security posture, metrics, risks, and audit readiness.
  • Mentor the security team member, and own the security budget and tooling lifecycle.

Requirements

  • 8+ years of experience in information security.
  • 3+ years leading a security program or a major security function.
  • Direct, end-to-end experience owning SOC 2 Type II audits.
  • PCI DSS experience strongly preferred.
  • Proven hands-on ownership of vulnerability management programs at scale.
  • Experience managing an MSSP/MDR relationship for SIEM and 24/7 SOC coverage.
  • Strong application and cloud security fundamentals with hands-on experience in AWS, GCP, or Azure.
  • Experience leading incident response end-to-end, including cross-functional coordination and external parties.
  • Experience writing and operationalizing security policies against frameworks such as NIST CSF, ISO 27001, or CIS Controls.
  • Excellent written and verbal communication skills for working with engineers, executives, auditors, and customers.
  • Comfort working as a player-coach in a lean environment with strong ownership and bias for action.
  • Experience in fintech, payments, or ecommerce, especially cross-border or merchant-of-record, is an asset.
  • Prior experience standing up or scaling a security program at a growth-stage company is an asset.
  • Familiarity with GRC or continuous compliance platforms such as Vanta, Drata, or Secureframe is an asset.
  • AWS experience is preferred as Reach’s primary cloud, and familiarity with Atlassian tools like Jira and Confluence is an asset.
  • Formal people-management experience is an asset.
  • Relevant certifications such as CISSP, CISM, or CCSP are an asset.

Benefits

  • Competitive compensation.
  • Flexible remote work.
  • Comprehensive benefits.
  • Opportunity to build and own a security function.
  • Direct impact on a global commerce platform.
  • Work/life balance with an emphasis on sustainability over constant intensity.
