Information Security & Compliance Leader
Northslope
⛰️ About Northslope

The generational companies of the next century will run on mission‑specific AI software that compounds their competitive advantage, not commoditized SaaS. We purpose‑build production AI applications that enable our customers to operate at the speed, scale, and margins of an enterprise software company, in any industry. We’re building something fundamentally different: software that’s as adaptable as the businesses it serves, created by engineers who understand both code and customer.

The Role

Northslope operates at the intersection of AI and mission‑critical software development for enterprise and defense organizations. We work across jurisdictions and under complex contractual security requirements. Our compliance posture must scale alongside our ambition. We have achieved ISO 27001, SOC 2 Type II, and Cyber Essentials Plus certification. We are now hiring our first dedicated security leader to own and evolve the program, and to serve as a security architecture partner to our product and delivery teams.

This role is accountable for everything at the intersection of security, compliance, and customer trust. You will maintain and mature our certification portfolio, lead customer security diligence, and define governance around AI and SaaS usage. Just as importantly, you will be embedded in how we build and deploy software for customers, ensuring the systems we ship are actively secure and that we are protecting our customers’ information as rigorously as our own. In a world where the attack and leak surface is taking on new dimensions as we field AI capabilities and partner with machines to build production software, this work has never been more urgent.

You will partner closely with product engineering, delivery teams, and operations on technical risk, secure architecture, and compliance strategy. You will own our compliance platform and vendor relationships, and serve as the internal and external face of Northslope’s security program.

We are not looking for security theater. We are building durable, scalable security that protects the company and our customers without creating unnecessary friction.

✍️ What You’ll Own

Certification & Framework Leadership
Own and mature Northslope’s SOC 2, ISO 27001, Cyber Essentials Plus, HIPAA, and CMMC programs. Build a unified control environment that scales globally. Embed security requirements directly into our platform architecture from the start, so compliance is a product feature rather than an afterthought.

Secure Platform Architecture
Partner closely with our product engineering team as a security architect. Define and enforce security patterns across our platform’s multi‑agent orchestration layer, data isolation model, and customer‑facing deployment surfaces. Own threat modeling for new platform capabilities and ensure our architecture meets the security bar required by enterprise and defense customers out of the box.

Customer‑Facing Security & Trust
Lead all third‑party risk assessments, security questionnaires, and audit engagements. Ensure our platform’s architecture and documentation make it easy to demonstrate compliance to customers. Represent Northslope’s security posture credibly to enterprise buyers, auditors, and legal teams, treating security as a commercial asset that accelerates deal velocity.

AI & SaaS Governance
Establish governance over AI tools and SaaS used in both internal operations and customer engagements. Define guardrails for how our platform’s AI components handle customer data, including data residency, model access controls, and audit trails. Proactively assess emerging risks as the AI landscape evolves.

Identity, Access & Tenant Isolation
Own access control strategy across Northslope’s internal systems (SSO, Okta, provisioning/deprovisioning) and across our platform’s multi‑tenant architecture. Define how customer data, workspaces, and third‑party integrations are isolated. Ensure least‑privilege access for both employees and system‑level service accounts.

Governance, Incident Readiness & Secure SDLC
Own and evolve the ISMS, security awareness training, incident response, and business continuity. Define and enforce secure development lifecycle practices for our platform codebase, including dependency management, secret handling, code review security gates, and vulnerability remediation SLAs. Serve as the primary escalation point for security events across both internal systems and the platform.

Vendor Risk, Background Checks & TechOps Partnership
Lead background check compliance across the US and UK. Oversee third‑party vendor risk management, including export controls and data residency. Define device and endpoint security standards in partnership with TechOps. Evaluate and approve third‑party services integrated into our platform infrastructure, ensuring they meet the same security bar as our own systems.

What We’re Looking For

Proven Program Ownership: You have built or significantly matured an information security program at a company of comparable size and complexity. You have owned a GRC platform like Vanta and know how to operationalize it. You are comfortable being the accountable owner.

Multi‑Framework Expertise: You have led SOC 2 and ISO 27001 engagements and have meaningful exposure to HIPAA, CMMC, or Cyber Essentials. You understand framework overlap and build unified programs rather than treating each certification as a separate initiative.

Technical Credibility: You can design security into cloud‑native platforms and production software, not just audit them after the fact. You understand multi‑tenant data isolation, secure SDLC, and identity architecture at a systems level. Engineers trust your judgment because you’ve shipped alongside them, not because you’ve blocked them.

Pragmatic Security Mindset: You focus on protecting the business and its customers, not accumulating certifications. You understand that in a forward‑deployed engineering model, security extends to the systems we build and operate for customers, not just our internal environment. You know how to get to yes.

Secure Product Development Experience: You have defined security architecture for a product or platform, not just an internal IT environment. You’ve done threat modeling, designed data isolation patterns, defined secure SDLC practices, or owned security reviews in a CI/CD pipeline. You’re comfortable in a codebase, even if you’re not writing features.

AI‑Era Security Awareness: You are thinking actively about the security implications of AI‑assisted software development: code generated by AI agents, data flowing through model APIs, prompt injection risks, and the expanding attack surface that comes with using AI to build production software. You don’t need to have all the answers, but you need to be asking the right questions and helping the team navigate uncharted territory.

Delivery‑Embedded Security: You want to be involved in how we build and deploy software for customers, not just how we protect our own systems. You’re energized by working alongside engineering and delivery teams to ensure the systems we ship are secure by design.

Executive‑Level Communication: You can clearly articulate risk to employees, customers, legal teams, and auditors. You translate technical complexity into business impact.

High Ownership Mentality: You operate independently, close gaps end‑to‑end, and build scalable systems in environments that are evolving quickly. You embrace a ‘nothing is beneath you’ attitude, tackling any task necessary to achieve the desired outcomes.

What We Offer

- Competitive base salary + equity in the form of stock options
- Comprehensive benefits package including health insurance (inclusive of dental and vision) and 401k matching
- Flexible hybrid work environment
- The opportunity to build solutions, systems, and software from the ground up as we scale
- A small, tight‑knit team where your contributions directly impact our ability to execute on our mission
- Occasional travel (less than 10% of your time) for company offsites where you’ll connect with teams across our New York and London hubs

Our Principles

Only Valuable Problems: Not every problem is worth solving. We work on the projects that will significantly improve our customers’ bottom lines.

Outcomes, Not Activity: We create value, not extract it. We focus on our business impact, not racking up billable hours.

Forward Deployed Engineering: We never build in a vacuum. We go to the heart of the problem and build alongside our users.

One size fits none. Generic software fails the most important customers. We build for the specific — the exact industry, workflow, data, and competitive context of the company we’re serving.

Why Northslope

At Northslope, we’re built different. We take pride in being more like a product startup than a traditional services firm. We value velocity, ingenuity, and grit, and we relentlessly focus on delivering tangible outcomes for our customers. We also have fun. We get to work on big, hard problems, in a fast‑paced environment, alongside sharp yet kind teammates who help us continuously grow and delight in one another’s successes. We offer full benefits and all the perks you’d expect of a modern tech startup, and are a distributed global team with hubs in London, New York, and UAE. We hope you’re excited to join us and look forward to speaking with you soon.

Northslope is committed to building a strong, diverse team. We believe teams with a diversity of lived experience, background, and perspectives create better outcomes for our customers and are just more enjoyable to be part of. We are committed to creating and living a culture of diversity, equity, and inclusion throughout our work. We do not discriminate on the basis of race, national origin, religion, disability, pregnancy, age, military status, marital status, genetic characteristics or information, gender, gender identity, gender variance, or sexual orientation.

