Red Oak ISD

Head of Information Security

full-time

Origin: 🇺🇸 United States

Job Level

Lead

Tech Stack

AWS, Cloud, Cyber Security, Terraform

About the role

  • Own Red Oak’s SOC 2 Type II audit program, including control definition, gap assessments, evidence gathering, and renewals.
  • Respond to customer RFPs, security questionnaires, and vendor risk reviews.
  • Guide implementation and alignment with frameworks like NIST CSF, ISO 27001, and GDPR/CCPA.
  • Maintain and evolve security policies, training programs, and internal documentation.
  • Partner with Legal, Sales, and Engineering to ensure contractual and regulatory security obligations are met.
  • Lead vulnerability management, penetration testing coordination, and threat modeling efforts.
  • Monitor security risks across infrastructure, application, and third-party services.
  • Build or integrate a lightweight Security Operations Center (SOC) model, including incident response playbooks and post-incident analysis.
  • Drive adoption of security automation, alerting, and monitoring tools.
  • Partner with Engineering on secure development practices, including code reviews, dependency scanning, and CI/CD hardening.
  • Participate in architecture reviews to ensure secure-by-default system design.
  • Help enforce PII handling standards, encryption policies, and access controls in line with privacy regulations.
  • Define and evolve Red Oak’s security roadmap, including tool selection, team growth, and control maturity.
  • Track and report on key security KPIs and represent security posture to customers, partners, and executives.
  • Build and lead a security team over time as business needs grow.

Requirements

  • 7+ years of experience in information security roles, with at least 2+ years in a leadership or principal-level position.
  • Proven experience managing SOC 2 Type II or equivalent audit processes from end to end.
  • Strong understanding of cloud-native security principles (especially AWS), infrastructure-as-code, and web application security.
  • Familiarity with frameworks like NIST CSF, ISO 27001, and GDPR/CCPA.
  • Experience coordinating penetration testing, vulnerability scanning, threat modeling, and secure CI/CD workflows.
  • Excellent communication skills with both technical teams and external stakeholders.
  • Certifications such as CISSP, CISM, or OSCP are highly preferred.
  • Preferred: experience with security tools such as AWS Security Hub, Snyk, Burp Suite, Terraform Sentinel, or Open Policy Agent (OPA).
  • Familiarity with PCI-DSS, especially in the context of integrating with third-party payment providers, is highly preferred.
  • Previous experience building or scaling a security program in a B2B SaaS product company is ideal.