Head of Information Security and Compliance

We are a global advocacy platform powering creator communities for the world's leading beauty and personal care brands. Founded in 2019, we help brands like L'Oréal, Estée Lauder, Coty, and Unilever build authentic relationships with millions of creators, driving user-generated content at scale.

 

What We Do:

  • Connect brands with 350M+ creators globally through our proprietary database
  • Power advocacy programs across 40+ markets (US, UK, EU, LATAM, Middle East, Asia)
  • Process millions of creator interactions, content submissions, and campaign data points monthly
  • Handle sensitive personal data (PII), financial transactions, and brand-creator relationships

 

Our Scale:

  • Trusted by Fortune 500 beauty & personal care brands
  • Processing 100k+ creator content submissions monthly
  • Operating in 40+ countries with localized compliance requirements

 

 

Why Join Us:

  • High-growth SaaS scale-up at the intersection of social, beauty, and enterprise tech
  • Build security & compliance infrastructure from the ground up - you'll own it
  • Work directly with Fortune 500 clients (L'Oréal, Unilever, Estée Lauder)
  • Remote-first culture with a global team
  • Meaningful equity stake in a fast-growing company

 

The Role: Head of Information Security & Compliance

As our first Head of InfoSec & Compliance, you'll be the guardian of trust - ensuring we meet the highest standards of data protection, security, and regulatory compliance as we scale globally. You'll build our compliance framework from the ground up, own enterprise client security reviews, and future-proof our platform for SOC 2, ISO 27001, and global data privacy regulations.

 

This is a foundational role. You'll have the autonomy to shape our security posture, define policies, and build the systems that enterprise clients demand.

 

What You'll Do

Compliance & Regulatory (40%)

  • Own GDPR, CCPA, LGPD, and emerging data privacy regulations across 40+ markets
  • Maintain SOC 2 Type II certification (or lead first certification if not yet achieved)
  • Prepare for ISO 27001 certification roadmap
  • Manage DPIAs (Data Protection Impact Assessments) for new features/markets
  • Be the go-to expert for client compliance questionnaires, security reviews, and audits
  • Ensure vendor compliance (AWS, payment processors, third-party APIs)

 

Client Security & Enterprise Sales Enablement (30%)

  • Own enterprise client security reviews (infosec questionnaires, pen test reports, architecture reviews)
  • Support sales team with security documentation, certifications, and client security calls
  • Build & maintain security collateral (security white papers, data flow diagrams, compliance matrices)
  • Act as security liaison for enterprise clients (L'Oréal, Unilever, Estée Lauder)
  • Negotiate data processing agreements (DPAs) and BAAs

 

InfoSec Infrastructure & Risk Management (30%)

  • Design and implement security policies, procedures, and controls
  • Conduct regular risk assessments and threat modeling
  • Manage the vulnerability management program (pen tests, bug bounties, security scanning)
  • Oversee incident response planning and execution
  • Drive security awareness training for engineering and ops teams
  • Monitor security tools (SIEM, CASB, endpoint protection) and respond to alerts

 

Required languages

English C1 - Advanced
Published 27 January