Senior Security & Compliance

Optimove is a global marketing tech company, recognized as a Leader by Forrester and a Challenger by Gartner. We work with some of the world's most exciting brands, such as Sephora, Staples, and Entain, who love our thought-provoking combination of art and science. With a strong product, a proven business, and the DNA of a vibrant, fast-growing startup, we're on the cusp of our next growth spurt. It's the perfect time to join our team of ~450 thinkers and doers across NYC, LDN, TLV, and other locations, where 2 of every 3 managers were promoted from within. Growing your career with Optimove is basically guaranteed.

We seek a highly skilled Security and Compliance Lead to drive the company's security and compliance initiatives across our multi cloud environments and services. This is a technical, hands-on role responsible for securing applications, IT infrastructure, customer data, and employee endpoints, while ensuring compliance with industry standards. The role also includes leading audits (ISO 27001, SOC 2 Type 2), managing penetration tests, supporting customer security inquiries, and assisting the field departments (sales, marketing) with security-related needs.

Responsibilities:

Security Leadership:

• Manage security across multi cloud environments (GCP, AWS, Azure) covering applications, IT systems, and endpoints.
• Continuously assess vulnerabilities and develop mitigation strategies.
• Develop, implement, and monitor security policies, standards, tools and procedures.
• Lead incident response efforts, including root cause analysis and the implementation of remediation plans.
  
  

• Oversee the security posture in multi-cloud environments (AWS, GCP, Azure) and services (such as Snowflake, MongoDB, Auth0 and others)
• Familiarity with SIEM, CSPM and DSPM systems
• Collaborate with DevOps and SRE teams to secure CI/CD pipelines and infrastructure.
• Implement and manage security controls for workloads, applications, and sensitive data.
• Vendor and Corporate Security Assessment:
• Lead security assessments of third-party vendors and partners to ensure compliance with corporate security standards.
• Conduct regular security evaluations of corporate systems, services, and tools to assess vulnerabilities.
• Implement vendor management processes to maintain security controls and compliance across all third-party relationships.
  
  

• Answer customer security-related questions and assist in responding to RFPs and security questionnaires.
• Support field departments (sales, marketing, etc.) by addressing security concerns, creating customer-facing security documentation, and maintaining a knowledge base with answers to common security inquiries.
  
  

• Protect customer data, including PII, using encryption, DLP strategies, and access controls.
• Oversee endpoint security and data privacy policies, ensuring compliance with relevant regulations (e.g., GDPR, HIPAA).
• Manage and enhance email security controls such as DMARC, DKIM, and SPF to protect against phishing and email fraud.
  
  

• Lead security audits such as ISO 27001, SOC 2, and ensure compliance with global regulations (GDPR, HIPAA, etc.).
• Organize and manage penetration tests and vulnerability assessments, implementing remediation strategies based on findings.
• Maintain comprehensive documentation and reporting for audits, senior management, and regulatory bodies.
  
  

• Work with cross-functional teams (Legal, IT, Engineering) to embed security best practices across the organization.
• Lead security awareness programs and training for employees.
• Build and maintain a knowledge base of security policies, procedures, and common security questions for internal and external stakeholders.
  
  

• 5+ years in security roles, with at least 3 years in cloud security and compliance.
• Expertise in SIEM, CSPM, DSPM tools
• Expertise in cloud-based SaaS platforms
• Proven experience managing security audits (ISO 27001, SOC 2) and overseeing penetration tests.
• Experience responding to customer security inquiries and supporting sales and marketing teams.
• Hands-on experience with security tools, including firewalls, DLP, SIEM, encryption, and endpoint protection.
  
  

• Proficient in cloud security practices across AWS, GCP, and/or Azure.
• Strong knowledge of email security controls such as DMARC, DKIM, and SPF.