Company Overview
My client helps large B2B sales organizations win more business by improving how they message, position, and sell to buyers. In simple terms: they help enterprise sales teams communicate value more clearly, improve win rates, and create more consistent revenue outcomes.
They work with major global enterprises (including many $5B+ organizations) and operate with a strong “enterprise-grade” bar, even as a nimble, high-performing business.
The business is private equity-backed, has been building momentum with recent growth, and is investing in the systems, infrastructure, and leadership needed to scale for the next phase.
Why This Role / Why Now
As the business continues to serve more sophisticated enterprise customers, the expectations around security, privacy, and audit readiness continue to rise.
Today, the security program has been driven by a small team, with a heavy load concentrated in a single point of ownership. This role is being added to:
- Reduce key-person risk
- Strengthen and mature the security program
- Improve responsiveness to enterprise security reviews and contract questionnaires
- Ensure ongoing compliance readiness (SOC 2, GDPR, and emerging AI-related frameworks)
This is a highly visible role with real impact on the business and customer trust.
The Opportunity
This role is ideal for someone who enjoys being the owner—not just an advisor. You’ll run the security program end-to-end, partnering across IT, Legal, Sales, Product, and leadership.
It’s a “builder” role inside an established organization: the company is stable and enterprise-facing, but still benefits from someone who can create structure, tighten workflows, and mature the program without needing a massive team behind them.
What You’ll Own
Security Program Ownership (End-to-End)
- Own and evolve the company’s information security program with increasing autonomy
- Drive security and privacy as part of day-to-day operations (“secure by design”)
Compliance & Audit Readiness
- Lead ongoing SOC 2 readiness and annual renewal cycles
- Support expansion into additional frameworks (e.g., ISO readiness as a stretch goal)
- Partner with internal teams to ensure controls are implemented and maintained
Privacy & Enterprise Customer Requirements
- Own / deeply support GDPR processes and privacy posture
- Handle enterprise security questionnaires, vendor onboarding requests, and contract security reviews
- Collaborate closely with Legal (without needing to be a lawyer)
Tooling, Monitoring & Hands-On Security Work
- Manage and mature the GRC process (Vanta experience is a plus)
- Evaluate and implement improvements to monitoring / SIEM approach (currently Datadog)
- Develop repeatable playbooks, SOPs, and operational rhythms
Partner & Vendor Transition
- Work with current external security partner (Cobalt) through a structured handoff period
- Move toward internal ownership over time
What Success Looks Like
First 90 Days
- Become the go-to owner for security program questions and workflows
- Ramp on product, systems, and data flows to confidently support reviews and assessments
- Take point on the majority of contract/security questionnaire work (with support as needed)
- Establish early program KPIs and operating cadence
6 Months
- SOC renewal workstream running smoothly
- Noticeable improvement in responsiveness to enterprise customers and internal stakeholders
- Monitoring approach improved/implemented and operating reliably
- Security program is visibly more structured and less dependent on any one person
12 Months
- Security and privacy embedded more deeply across the organization
- Standardized playbooks and processes across core workflows
- Program maturity elevated in a measurable way
What We’re Looking For
Must-Haves
- Proven ability to own a security program (not only audit/GRC from the sidelines)
- Strong hands-on security orientation (comfortable with implementation and execution)
- Meaningful GDPR experience (not just awareness)
- Comfort partnering with Sales/Legal/Leadership on contract and customer requirements
- Ability to work cross-functionally with strong communication and practical judgment
Strong Pluses
- Experience in a SaaS or tech-enabled services environment serving enterprise customers
- Experience with modern GRC tooling (e.g., Vanta) and security program operations
- Experience evaluating/implementing SIEM or monitoring tooling
- Prior experience in a scale-up environment where you had to “build the muscle”
Mindset Fit
- Pragmatic, solutions-oriented, and able to work independently
- Comfortable with ambiguity and building structure
- Open to AI-enabled workflows and learning new tools (being strongly anti-AI is not a fit)
