Security & Trust Lead (USA Only - 100% Remote)

Other Jobs To Apply

No other job posts for this day.

<div><strong><strong>About the Role</strong></strong><br/><br/>We have 11k+ customers, which means we have a lot of data in our care. Earning and keeping their trust - rigorous security and privacy practices, plus the compliance and audit work that verifies it to customers - has so far been spread across engineering leadership, our founders, and our ops team. It's high time this had a real owner.<br/><br/>You'll be the first person at Close whose full-time job is protecting our customers' data and our company: GRC (security governance, risk, and compliance), internal security (identity, devices, access, vendors), incidents, and the customer-facing resources that prove we do this well. Your mandate is to build this like an engineer - automate the evidence, codify the processes, use AI aggressively. We recommend giving grc.engineering a read; this is the mentality we're hiring for.<br/><br/><strong><strong>You are</strong></strong><br/><ul><li><strong>A hands-on operator, with 5+ years of building Security & Trust programs.</strong> You've personally run security and compliance programs, ideally at a 50-300 person company. You've been the one configuring SSO, running access reviews, answering the SOC 2 auditor's questions.</li><li><strong>Technical enough to know how our systems work.</strong> You can reason about SSO/IAM configuration details, trace how customer data flows through third-party tools, and dig through logs (e.g., in Loki) to run down an incident yourself.</li><li><strong>Automation and efficiency minded.</strong> You'll happily grind through manual work when it's needed - screenshotting evidence, searching logs - but you refuse to still be doing it by hand a year later, so you automate it away with scripts, APIs, and AI.</li><li><strong>AI-positive.</strong> You see AI as something to help us adopt faster, not just a risk to manage. Your instinct is to find the safe path to yes and you can tell the difference between exposure and vibes.</li></ul><strong><strong>You will</strong></strong><br/><ul><li><strong>Run our GRC program - then automate it.</strong> Vanta day to day (controls, policies, alerts, evidence, vendor reviews), leading our SOC 2 Type 2 audits, annual risk assessments, and evaluating additional frameworks (ISO 27001, HIPAA). Wherever a recurring check, evidence pull, or list (like our GDPR subprocessors) can come from code or an API instead of by hand, make it so.</li><li><strong>Own how customer data moves through our stack.</strong> Audit what flows to third-party tools (and stop what shouldn't), and build a real process for deletion requests across our analytics stack.</li><li><strong>Be the security gate for new tools and vendors.</strong> Confirm SOC 2 status, get the DPA signed, add them in Vanta, update the subprocessor list - with a process that lets the team adopt new tools (AI especially) quickly and safely. Procurement and spend stay with finance/ops; the security and privacy review is yours.</li><li><strong>Make Close best-in-class at communicating trustworthiness.</strong> Own trust.close.com and our security/privacy/GDPR pages, and turn them into the place where customers' security questions can answer themselves.</li><li><strong>Coordinate product security audits.</strong> Run pen tests and audits of our product jointly with Engineering - vendor selection, scoping, and the artifacts we need for customers and partners (e.g., Google OAuth restricted scopes). Engineering fixes what's found; you make sure the audits happen and produce what we need.</li><li><strong>Investigate and clean up security incidents.</strong> When something looks off, you're the one who digs in to run it down and contain it - work that currently falls to Engineering by default.</li><li><strong>Own our identity and device security.</strong> SSO/IAM strategy and configuration, MDM across the fleet, the security side of onboarding/offboarding, and regular access reviews so no one keeps a key they shouldn't. You make the call on where we require SSO and what we'll pay for it.</li><li><strong>Run our employee security program.</strong> Training people actually remember, phishing simulations to keep us honest, and ongoing monitoring (e.g., 1Password Watchtower) with follow-through.</li></ul><strong><strong>What this role is not</strong></strong><br/><ul><li><strong>Product or application security engineering.</strong> You'll coordinate audits of our product and drive incident investigations, but you won't ship code to our product, own its architecture, or be responsible for implementing fixes - that belongs to our engineering org.</li><li><strong>Infrastructure.</strong> Our AWS and production infrastructure belong to our DevOps/SRE team. Where your work touches production, you drive the investigation; engineering implements what needs production access.</li><li><strong>Legal.</strong> Privacy policy, DPAs, and legal interpretation of GDPR/CCPA will sit with our legal function. You own the operational side and partner closely with them.</li><li><strong>Only IT support.</strong> You'll help with the occasional IT request - it comes with owning devices, identity, and tooling - but it's a small slice of the job, and you'll automate the routine parts. If helpdesk work is the whole of your background, this isn't the fit.</li></ul><strong><strong>Benefits</strong></strong><br/><ul><li>Compensation: Competitive pay plus an organization-wide goal-based bonus</li><li>Paid Time Off: ~5 weeks of PTO to start. Plus a 1-week all-company Winter Holiday Break and paid US holidays. You'll earn 2 extra days for every year you're with Close.</li><li>80% Work Option: Work with your manager to choose between a standard 5-day week or a 4-day week at 80% pay</li><li>Parental Leave: Paid leave for primary and secondary caregivers</li><li>Sabbatical: A 1-month paid sabbatical every 5 years with the team</li><li>Healthcare (US residents): Two medical plans with Close covering 99% of your premium, plus Dental, Vision, HSA, FSA, and company-paid Long-Term Disability</li><li>401k (US residents): We match your contributions up to 6%, vested immediately</li></ul></div>

Back to blog

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...