Customer.io - Information Security Specialist
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Requirements
• 4+ years of experience in information security, cybersecurity, or a related technical discipline. • A pragmatic, enabling mindset toward AI — you understand the risks but you're not reflexively restrictive. You've thought critically about how organizations can use AI tools like LLMs, coding assistants, and automation responsibly. • Hands-on experience with compliance frameworks (SOC 2, ISO 27001) — you've been through audits and know how to keep controls healthy. • Strong knowledge of cloud security fundamentals (AWS, GCP, or similar), endpoint protection, and identity/access management. • Experience with security tooling — EDR, SIEM, vulnerability scanners, DLP, and email security platforms. • Solid understanding of incident response processes and the ability to stay calm under pressure. • Familiarity with SaaS environments, remote-first operations, and the security challenges that come with them. • Strong written communication skills — you can write a clear policy, a concise incident report, and a Slack message that people actually read. • Self-starter mentality — you're comfortable working autonomously and prioritizing across competing demands. • Experience evaluating AI/ML tools for data privacy and security risks is a strong plus. • Experience in vendor risk assessment and third-party security reviews. • Security certifications (CISSP, CISM, CompTIA Security+, or similar) are a plus but not required.
Responsibilities
• AI Governance & Enablement — Develop and maintain a practical framework for evaluating, approving, and securely deploying AI tools across the organization. Assess data exposure risks, establish acceptable use guidelines, and help teams adopt AI confidently — not fearfully. • AI Governance & Enablement • Vulnerability Management — Own our vulnerability management program — scanning, triaging, coordinating remediation, and tracking resolution across infrastructure, applications, and endpoints. • Vulnerability Management • Compliance — Support and improve our compliance posture (SOC 2, ISO 27001), including evidence collection, control monitoring, and audit support. Ensure AI usage aligns with our regulatory and contractual obligations. • Compliance • Incident Response — Lead security incident response — investigate alerts, coordinate containment, document root causes, and drive improvements. • Incident Response • Security Tooling — Manage and tune security tooling (EDR, SIEM/logging, DLP, email security, identity and access management controls). • Security Tooling • Vendor & Third-Party Risk — Conduct security reviews of third-party vendors, SaaS integrations, and AI services — evaluating data handling, model training policies, and privacy commitments. • Vendor & Third-Party Risk • Policy & Standards — Develop and maintain security policies, standards, and runbooks that are practical and right-sized for our environment — including clear, usable AI usage policies that people actually follow. • Policy & Standards • Application Security Partnership — Partner with Platform Security and Engineering on application security topics — advising on secure architecture, reviewing configurations, and supporting penetration testing efforts. • Application Security Partnership • Security Awareness — Drive security awareness initiatives — phishing simulations, training programs, AI literacy education, and ongoing guidance for the team. • Security Awareness • Threat Intelligence — Monitor and assess emerging threats (including AI-driven attack vectors), and translate them into actionable recommendations for leadership. • Threat Intelligence
Benefits
• We believe in transparency. Starting salary for this role is $151,000 to $170,000 (or equivalent in local currency) depending on experience and subject to market rate adjustment. • We know our people are what make us great, and we’re committed to taking great care of them. Our inclusive benefits package supports your well-being and growth, including 100% coverage of medical, dental, vision, mental health, and supplemental insurance premiums for you and your family. We also offer 16 weeks paid parental leave, unlimited PTO, stipends for remote work and wellness, a professional development budget, and more. • 100% coverage of medical, dental, vision, mental health, and supplemental insurance premiums for you and your family • 16 weeks paid parental leave, unlimited PTO • Our Process • No gotchas, no trick questions - just a clear, human process designed to help both of us make an informed decision. • 30-minute call with Recruiter • 45-minute video call with Hiring Manager • 3 x 30-minute video calls with Cross-Functional Partners (IT, Compliance, Platform Security) • 45-minute Case & Case Review Call with Team • All final candidates will be asked to complete a background check and employment verifications as part of our pre-employment process. • Customer.io recognizes the stifling impact of systemic injustice on diverse communities. We commit to using our influence to increase inclusion and equity within the tech industry. We strive to build an inclusive team culture, implement bias-free hiring practices, and develop community partnerships to expand our global impact. • Zoom is the only video conference platform that we use, virtual interviews will be conducted using the video capability (i.e., not via the chat), and offers will be extended in writing on official Customer.io letterhead. Please be vigilant in all of your job search activity, and if you have any questions please contact [email protected]. • Check out our careers page for more information about why you should come work with us! We believe in empathy, transparency, responsibility, and, yes, a little awkwardness. If you’re excited by what you read — apply now.
No credit card. Takes 10 seconds.