[Hiring] Information Security Specialist @Customer.io

Role Description

Hi, I'm Bill, VP of Operations at Customer.io. I'm looking for an Information Security Specialist to join our team.

As our first dedicated InfoSec hire, you'll be the go-to person for securing our organizational systems, data, and operations across a globally distributed, remote-first company. Reporting to the VP of Operations, you'll work closely with IT, Compliance, and Platform Security to protect customer data, maintain our compliance posture, and help the company adopt AI tools thoughtfully and securely. This is an experienced individual contributor role — you'll be hands-on with tooling and policy, not managing a team.

We're a company that embraces AI — we use it in our product and want our team to use it to do their best work. We need someone who sees AI as an opportunity to enable, not just a risk to lock down. You'll help us build practical guardrails that let people move fast with AI while protecting customer data and staying compliant.

What we value

• Pragmatic security — You focus on real risk reduction, not perfection, and avoid slowing the business down unnecessarily.
• Enablement over restriction — You default to “yes, if…” and help teams adopt tools like AI safely and confidently.
• Ownership and autonomy — You take responsibility for your domain and can operate independently in a fast-moving environment.
• Clarity and usability — You create policies and guidance that are simple, practical, and actually followed.
• Cross-functional partnership — You build trust and work effectively across IT, Engineering, Legal, and GTM teams.
• Curiosity and adaptability — You stay current on evolving threats, especially in AI and SaaS environments.
• Calm under pressure — You bring structure and clear thinking during incidents and audits.
• High standards, right-sized — You balance quality with speed and scale appropriately for a growing company.

What you’ll do

• AI Governance & Enablement — Develop and maintain a practical framework for evaluating, approving, and securely deploying AI tools across the organization.
• Vulnerability Management — Own our vulnerability management program — scanning, triaging, coordinating remediation, and tracking resolution across infrastructure, applications, and endpoints.
• Compliance — Support and improve our compliance posture (SOC 2, ISO 27001), including evidence collection, control monitoring, and audit support.
• Incident Response — Lead security incident response — investigate alerts, coordinate containment, document root causes, and drive improvements.
• Security Tooling — Manage and tune security tooling (EDR, SIEM/logging, DLP, email security, identity and access management controls).
• Vendor & Third-Party Risk — Conduct security reviews of third-party vendors, SaaS integrations, and AI services.
• Policy & Standards — Develop and maintain security policies, standards, and runbooks that are practical and right-sized for our environment.
• Application Security Partnership — Partner with Platform Security and Engineering on application security topics.
• Security Awareness — Drive security awareness initiatives — phishing simulations, training programs, AI literacy education, and ongoing guidance for the team.
• Threat Intelligence — Monitor and assess emerging threats, and translate them into actionable recommendations for leadership.

Qualifications

• 4+ years of experience in information security, cybersecurity, or a related technical discipline.
• A pragmatic, enabling mindset toward AI — you understand the risks but you're not reflexively restrictive.
• Hands-on experience with compliance frameworks (SOC 2, ISO 27001).
• Strong knowledge of cloud security fundamentals (AWS, GCP, or similar), endpoint protection, and identity/access management.
• Experience with security tooling — EDR, SIEM, vulnerability scanners, DLP, and email security platforms.
• Solid understanding of incident response processes and the ability to stay calm under pressure.
• Familiarity with SaaS environments, remote-first operations, and the security challenges that come with them.
• Strong written communication skills.
• Self-starter mentality — you're comfortable working autonomously and prioritizing across competing demands.
• Experience evaluating AI/ML tools for data privacy and security risks is a strong plus.
• Experience in vendor risk assessment and third-party security reviews.
• Security certifications (CISSP, CISM, CompTIA Security+, or similar) are a plus but not required.

Compensation & Benefits

• Starting salary for this role is $151,000 to $170,000 (or equivalent in local currency) depending on experience and subject to market rate adjustment.
• 100% coverage of medical, dental, vision, mental health, and supplemental insurance premiums for you and your family.
• 16 weeks paid parental leave, unlimited PTO.
• Stipends for remote work and wellness, a professional development budget, and more.

Our Process

• 30-minute call with Recruiter.
• 45-minute video call with Hiring Manager.
• 3 x 30-minute video calls with Cross-Functional Partners (IT, Compliance, Platform Security).
• 45-minute Case & Case Review Call with Team.
• All final candidates will be asked to complete a background check and employment verifications as part of our pre-employment process.

Join us!

Check out our careers page for more information about why you should come work with us! We believe in empathy, transparency, responsibility, and, yes, a little awkwardness. If you’re excited by what you read — apply now.