Information Security & Compliance Leader
⛰️ About Northslope

The generational companies of the next century will run on mission-specific AI software that compounds their competitive advantage, not commoditized SaaS. We purpose-build production AI applications that enable our customers to operate at the speed, scale, and margins of an enterprise software company, in any industry. We're building something fundamentally different: software that's as adaptable as the businesses it serves, created by engineers who understand both code and customer.

🛠️ The Role

Northslope operates at the intersection of AI and mission-critical software development for enterprise and defense organizations. We work across jurisdictions and under complex contractual security requirements. Our compliance posture must scale alongside our ambition. We have achieved ISO 27001, SOC 2 Type II, and Cyber Essentials Plus certification. We are now hiring our first dedicated security leader to own and evolve the program, and to serve as a security architecture partner to our product and delivery teams.

This role is accountable for everything at the intersection of security, compliance, and customer trust. You will maintain and mature our certification portfolio, lead customer security diligence, and define governance around AI and SaaS usage. Just as importantly, you will be embedded in how we build and deploy software for customers, ensuring the systems we ship are actively secure and that we are protecting our customers' information as rigorously as our own. In a world where the attack and leak surface is taking on new dimensions as we field AI capabilities and partner with machines to build production software, this work has never been more urgent.

You will partner closely with product engineering, delivery teams, and operations on technical risk, secure architecture, and compliance strategy. You will own our compliance platform and vendor relationships, and serve as the internal and external face of Northslope's security program.

We are not looking for security theater. We are building durable, scalable security that protects the company and our customers without creating unnecessary friction.

✍️ What You'll Own

Certification & Framework Leadership
Own and mature Northslope's SOC 2, ISO 27001, Cyber Essentials Plus, HIPAA, and CMMC programs. Build a unified control environment that scales globally. Embed security requirements directly into our platform architecture from the start, so compliance is a product feature rather than an afterthought.

Secure Platform Architecture
Partner closely with our product engineering team as a security architect. Define and enforce security patterns across our platform's multi-agent orchestration layer, data isolation model, and customer-facing deployment surfaces. Own threat modeling for new platform capabilities and ensure our architecture meets the security bar required by enterprise and defense customers out of the box.

Customer-Facing Security & Trust
Lead all third-party risk assessments, security questionnaires, and audit engagements. Ensure our platform's architecture and documentation make it easy to demonstrate compliance to customers. Represent Northslope's security posture credibly to enterprise buyers, auditors, and legal teams, treating security as a commercial asset that accelerates deal velocity.

AI & SaaS Governance
Establish governance over AI tools and SaaS used in both internal operations and customer engagements. Define guardrails for how our platform's AI components handle customer data, including data residency, model access controls, and audit trails. Proactively assess emerging risks as the AI landscape evolves.

Identity, Access & Tenant Isolation
Own access control strategy across Northslope's internal systems (SSO, Okta, provisioning/deprovisioning) and across our platform's multi-tenant architecture. Define how customer data, workspaces, and third-party integrations are isolated. Ensure least-privilege access for both employees and system-level service accounts.

Governance, Incident Readiness & Secure SDLC
Own and evolve the ISMS, security awareness training, incident response, and business continuity. Define and enforce secure development lifecycle practices for our platform codebase, including dependency management, secret handling, code review security gates, and vulnerability remediation SLAs. Serve as the primary escalation point for security events across both internal systems and the platform.

Vendor Risk, Background Checks & TechOps Partnership
Lead background check compliance across the US and UK. Oversee third-party vendor risk management, including export controls and data residency. Define device and endpoint security standards in partnership with TechOps. Evaluate and approve third-party services integrated into our platform infrastructure, ensuring they meet the same security bar as our own systems.

🎯 What We're Looking For

Proven Program Ownership: You have built or significantly matured an in