Jobs · himalayas

R

InfoSec & IT Lead

Halcyon Labs · United States · Posted 18d ago

remotesenior🇺🇸 United States
Apply on himalayas

About the role

Design and operate a security and compliance program for data protection and vendor integrations.

About Halcyon Labs : Halcyon Labs is building the future of privacy-conscious identity resolution for advertising. Instead of relying on outdated identifiers like cookies, IP addresses, or device IDs, we resolve identity using deterministic, people-based signals to help advertisers reach real audiences with greater precision and confidence. Our solutions power smarter audience targeting, cross-device attribution, and curated private marketplaces—helping brands and agencies make their data work harder. The role: We are hiring a hands-on InfoSec & IT Lead to design, operate, and mature a security, privacy and compliance program that protects our data, enables secure vendor & partner integrations, and keeps Halcyon Labs audit-ready for SOC 2 and other certifications. You will help design and build a secure cloud architecture, lead SOC 2 and ISO 27001:2022 readiness, drive Zero Trust adoption, own security operations and incident response, and be accountable for privacy compliance across US state laws and GDPR. The role also includes hands-on IT operations for a small company ( What you'll do: Security strategy & architecture Define and execute the company security strategy and roadmap across cloud, data, application, and infrastructure security. Lead the design and pragmatic implementation of Zero Trust architecture principles (identity-centric controls, least-privilege access, micro-segmentation, device posture and conditional access). Design and enforce secure cloud architecture patterns (AWS best practices for S3, IAM, KMS, VPCs, cross-account roles and clean-room integrations). Implement secure key management, encryption at rest / in transit, and data classification & retention standards appropriate for sensitive data. Compliance, GRC & Privacy (SOC 2, ISO 27001 & Data Privacy) Own SOC 2 readiness, audit lifecycles and evidence automation. Lead ISO 27001:2022 readiness and the ISMS lifecycle when appropriate (scoping, risk assessment & treatment, SoA, internal/external audits). Own data privacy compliance frameworks across relevant regimes: US state privacy laws (e.g., CPRA/CCPA and other state statutes) and EU GDPR. Responsibilities include: Maintain a comprehensive data map / Record of Processing Activities (RoPA) covering personal data flows, storage locations, retention and processors. Run Data Protection Impact Assessments (DPIAs) for high-risk processing and partner integrations. Operate a DSAR / DSR process (data subject access/deletion/portability requests) and ensure timely responses that meet legal deadlines. Manage Data Processing Agreements (DPAs) and contractual privacy controls with vendors and partners. Implement and enforce privacy-by-design/default controls and data minimization across technical and product solutions. Ensure lawful cross-border data transfer mechanisms (e.g., SCCs, adequacy assessments, and technical safeguards) and document them appropriately. Operate and maintain compliance automation tooling (e.g., Vanta) and privacy management tooling; track remediation and evidence collection. Security operations & engineering Build and operate detection & monitoring (centralized logging, alerting and lightweight SIEM). Manage vulnerability scanning, third-party pen testing, remediation workflows and risk treatment. Partner & cloud integrations Secure onboarding and hardening of partner integrations (S3 buckets, IAM roles, cross-account access, clean-room patterns). Assess and govern third-party security and privacy posture with technical and contractual controls. IT operations & employee support Manage day-to-day IT for a company Own vendor relationships for IT/security/privacy services and provide escalated IT support. Team, communication & culture Evangelize security and privacy across the company: training, phishing simulations, privacy awareness. Report security and privacy KPIs to executives (SOC 2/ISO coverage, Zero Trust adoption, DSAR SLAs, MTTR). Required Qualifications: 6+ years of professional experience in information security, with at least 3 years in a leadership/managerial role. Hands-on cloud security experience in AWS (S3, IAM, KMS, CloudTrail, CloudWatch, VPCs, cross-account roles). Proven experience leading SOC 2 readiness and audit programs and operating compliance automation tools. Practical experience implementing Zero Trust principles in cloud environments. Practical experience with GDPR and with US state privacy laws (CCPA/CPRA and/or other modern state privacy statutes), including DSAR/DSR handling, DPIAs, RoPA, DPAs and breach notification processes. Strong operational security capabilities (vulnerability management, IR, logging/monitoring, IAM, encryption). Practical IT operations experience for small companies (MDM, SSO/MFA, onboarding/offboarding). Excellent written and verbal communication skills. Formal security certification preferred (CISSP, CISM). Preferred / nice-to-have Experience directly driving or supporting ISO 27001:2022 certification and managing a

Read the full posting on himalayas

FAQ

Is the InfoSec & IT Lead role at Halcyon Labs remote?+

This InfoSec & IT Lead position is listed as remote (United States).

What seniority level is this InfoSec & IT Lead role?+

This is a senior level position.

How do I apply for the InfoSec & IT Lead role at Halcyon Labs?+

Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Halcyon Labs.