Testomat.io is a Ukrainian 🇺🇦 test management system designed primarily for automated testing, which at the same time brings both automated and manual tests together under one roof.
10 January 2026

Information Security Specialist (CISO)

Remote

Your job will be to lead information security for our SaaS product and take full ownership of SOC 2 certification (Type I → Type II) as a business-critical initiative.

This is a hands-on CISO role, not a purely advisory or policy-writing position. We are looking for someone who has already led SOC 2 audits in a real SaaS environment, understands the pitfalls, and knows how to build security controls that actually work in production — not just on paper.

You will work closely with engineering, product, and leadership, embedding security into everyday workflows and confidently representing the company in front of auditors, customers, and partners.

This role is for someone who can own the entire SOC 2 journey end-to-end and deliver results.

🧰 Tech & Compliance Stack

SOC 2 (Type I & Type II)
ISO 27001
GDPR
Compliance platforms: Vanta / Drata / Secureframe (or similar)
Cloud & SaaS infrastructure
CI/CD pipelines, access control, and monitoring systems

✅ Responsibilities

— Lead SOC 2 certification for our SaaS product end-to-end (Type I → Type II)
— Run SOC 2 readiness assessments independently
— Define scope, Trust Service Criteria, and control ownership
— Design, implement, and operate security controls from scratch
— Build sustainable evidence collection and audit processes
— Embed security into engineering workflows (CI/CD, access management, monitoring)
— Work directly with external auditors and compliance platforms
— Translate compliance requirements into practical, scalable security solutions
— Support enterprise customers with security reviews and questionnaires
— Defend security decisions in front of auditors, customers, and leadership

📌 Requirements (Must-Have)

— 7+ years of experience in information security/cybersecurity
— 3+ years in a leadership role (CISO / Head of Security / Security Lead)
— Hands-on experience leading SOC 2 certification for a SaaS product
— Completed SOC 2 Type I audit
— Experience preparing for and/or passing SOC 2 Type II
— Strong working knowledge of GDPR and ISO 27001
— Direct experience working with external auditors
— Hands-on experience with compliance automation platforms (Vanta, Drata, Secureframe, or similar)
— Ability to build security controls in a real product environment — not just policies
— Strong communication skills in English

🌟 Nice to Have

— Successfully passed SOC 2 Type II audit
— Engineering, DevOps, or cloud infrastructure background
— Experience supporting enterprise customers during security reviews
— Experience scaling security processes in a growing SaaS company

😎 Personal Qualities

— Hands-on, pragmatic mindset
— Strong ownership and accountability
— Ability to work independently without “hand-holding”
— Clear, confident communication with both technical and non-technical stakeholders
— Comfortable making and defending security decisions
— Product-oriented thinking — security as a business enabler, not a blocker

🎁 What We Offer

100% remote work
Flexible schedule — focus on outcomes, not hours
High level of trust and autonomy
Direct impact on a business-critical milestone (SOC 2)
Opportunity to shape the entire security function from the ground up
Long-term collaboration with leadership and engineering

🎯 Expected Impact (First 3–6 Months)

— Clear SOC 2 roadmap with defined scope and ownership
— Security controls implemented and operational
— Audit-ready state achieved
— SOC 2 Type I completed or in final audit phase
— Strong foundation laid for SOC 2 Type II

🚫 Important to Note

This role is not suitable for:
First-time CISOs without completed SOC 2 projects
Pure consultants or advisory-only profiles
Compliance managers without hands-on product & cloud security experience

Hiring Process

— HR interview
— Technical / security deep-dive interview
— Interview with leadership
— Offer preparation

To apply, please share:

— English level
— Notice period
— Salary expectations (USD/hour, gross)
— Current location and remote availability
— Legal setup (B2B / FOP / other)


Team Testomat.io 💙
