Senior Account Manager – MSSP Partnerships, API Security
Wallarm. API & App Security Integrated
Cyber Security
Head of Information Security
Red Oak ISD
full-time
Posted on:
Location: 🇺🇸 United States
Visit company websiteJob Level
Lead
Tech Stack
AWSCloudCyber SecurityTerraform
About the role
- Own Red Oak’s SOC 2 Type II audit program, including control definition, gap assessments, evidence gathering, and renewals.
- Respond to customer RFPs, security questionnaires, and vendor risk reviews.
- Guide implementation and alignment with frameworks like NIST CSF, ISO 27001, and GDPR/CCPA.
- Maintain and evolve security policies, training programs, and internal documentation.
- Partner with Legal, Sales, and Engineering to ensure contractual and regulatory security obligations are met.
- Lead vulnerability management, penetration testing coordination, and threat modeling efforts.
- Monitor security risks across infrastructure, application, and third-party services.
- Build or integrate a lightweight Security Operations Center (SOC) model, including incident response playbooks and post-incident analysis.
- Drive adoption of security automation, alerting, and monitoring tools.
- Partner with Engineering on secure development practices, including code reviews, dependency scanning, and CI/CD hardening.
- Participate in architecture reviews to ensure secure-by-default system design.
- Help enforce PII handling standards, encryption policies, and access controls in line with privacy regulations.
- Define and evolve Red Oak’s security roadmap, including tool selection, team growth, and control maturity.
- Track and report on key security KPIs and represent security posture to customers, partners, and executives.
- Build and lead a security team over time as business needs grow.
Requirements
- 7+ years of experience in information security roles, with at least 2+ years in a leadership or principal-level position.
- Proven experience managing SOC 2 Type II or equivalent audit processes from end to end.
- Strong understanding of cloud-native security principles (especially AWS), infrastructure-as-code, and web application security.
- Familiarity with frameworks like NIST CSF, ISO 27001, and GDPR/CCPA.
- Experience coordinating penetration testing, vulnerability scanning, threat modeling, and secure CI/CD workflows.
- Excellent communication skills with both technical teams and external stakeholders.
- Certifications such as CISSP, CISM, or OSCP are highly preferred.
- Preference experience with security tools like AWS Security Hub, Snyk, Burp Suite, Terraform Sentinel, or Open Policy Agent (OPA).
- Familiarity with PCI-DSS, especially in the context of integrating with third-party payment providers is highly preferred.
- Previous experience building or scaling a security program in a B2B SaaS product company is ideal.
