Optimove is a global marketing tech company, recognized as a Leader by Forrester and a Challenger by Gartner. We work with some of the world's most exciting brands, such as Sephora, Staples, and Entain, who love our thought-provoking combination of art and science. With a strong product, a proven business, and the DNA of a vibrant, fast-growing startup, we're on the cusp of our next growth spurt. It's the perfect time to join our team of ~450 thinkers and doers across NYC, LDN, TLV, and other locations, where 2 of every 3 managers were promoted from within. Growing your career with Optimove is basically guaranteed. 

We seek a highly skilled Security and Compliance Lead to drive the company’s security and compliance initiatives across our multi-cloud environments and services. This technical, hands-on role is responsible for securing applications, IT infrastructure, customer data, and employee endpoints while ensuring compliance with industry standards. The role also includes leading audits (ISO 27001, SOC 2 Type 2), managing penetration tests, supporting customer security inquiries, and assisting the field departments (sales, marketing) with security-related needs.

Responsibilities:

Security Leadership:
  • Develop, implement, and monitor security policies, standards, tools and procedures.
  • Manage security across multi-cloud environments (GCP, AWS, Azure) covering applications, IT systems, and endpoints.
  • Lead incident response efforts, including root cause analysis and the implementation of remediation plans.
  • Continuously assess vulnerabilities and develop mitigation strategies.
Cloud Security:
  • Oversee the security posture in multi-cloud environments (AWS, GCP, Azure) and services (such as Snowflake, MongoDB, Auth0 and others).
  • Collaborate with DevOps and SRE teams to secure CI/CD pipelines and infrastructure.
  • Implement and manage security controls for workloads, applications, and sensitive data.
Vendor and Corporate Security Assessment:
  • Lead security assessments of third-party vendors and partners to ensure compliance with corporate security standards.
  • Conduct regular security evaluations of corporate systems, services, and tools to assess vulnerabilities.
  • Implement vendor management processes to maintain security controls and compliance across all third-party relationships.
Customer Security Support:
  • Answer customer security-related questions and assist in responding to RFPs and security questionnaires.
  • Support field departments (sales, marketing, etc.) by addressing security concerns, creating customer-facing security documentation, and maintaining a knowledge base with answers to common security inquiries.
Data Security and Privacy:
  • Protect customer data, including PII, using encryption, DLP strategies, and access controls.
  • Oversee endpoint security and data privacy policies, ensuring compliance with relevant regulations (e.g., GDPR, HIPAA).
  • Manage and enhance email security controls such as DMARC, DKIM, and SPF to protect against phishing and email fraud.
Compliance and Auditing:
  • Lead security audits such as ISO 27001, SOC 2, and ensure compliance with global regulations (GDPR, HIPAA, etc.).
  • Organize and manage penetration tests and vulnerability assessments, implementing remediation strategies based on findings.
  • Maintain comprehensive documentation and reporting for audits, senior management, and regulatory bodies.
Collaboration and Training:
  • Work with cross-functional teams (Legal, IT, Engineering) to embed security best practices across the organization.
  • Lead security awareness programs and training for employees.
  • Build and maintain a knowledge base of security policies, procedures, and common security questions for internal and external stakeholders.
Requirements:
  • 5+ years in security roles, with at least 3 years in cloud security and compliance.
  • Proven experience managing security audits (ISO 27001, SOC 2) and overseeing penetration tests.
  • Expertise in cloud-based SaaS platforms.
  • Experience responding to customer security inquiries and supporting sales and marketing teams.
  • Hands-on experience with security tools, including firewalls, DLP, SIEM, encryption, and endpoint protection.
Technical Skills:
  • Proficient in cloud security practices across AWS, GCP, and/or Azure.
  • Strong knowledge of email security controls such as DMARC, DKIM, and SPF.
  • In-depth understanding of security technologies like IAM, VPN, firewalls, IDS/IPS, and encryption.
  • Experience with integrating security into CI/CD pipelines through DevSecOps practices.
  • Familiarity with endpoint management and device security tools.
Certifications (preferred):
  • CISSP, CISM, CISA, or similar security certifications.
  • Cloud security certifications (AWS Certified Security Specialty, Google Professional Cloud Security Engineer, etc.).
Soft Skills:
  • Strong leadership, communication, and documentation skills.
  • Ability to collaborate with cross-functional teams and handle customer-facing tasks.
  • Analytical mindset and problem-solving abilities.
 
