Information Security Specialist at Customer.io
Job Description
About Customer.io
Over 8,000 companies, ranging from innovative startups to global brands, leverage our platform to deploy billions of emails, push notifications, in-app messages, and SMS daily. Customer.io empowers automated communication that is truly desired by recipients. We assist teams in sending smarter, more relevant messages by utilizing real-time behavioral data.
About the Role
Bill, VP of Operations at Customer.io, is seeking an Information Security Specialist to join our team. As our inaugural dedicated InfoSec hire, you will serve as the primary expert for securing our organizational systems, data, and operations within a globally distributed, remote-first company. Reporting directly to the VP of Operations, you will collaborate closely with IT, Compliance, and Platform Security teams to safeguard customer data, maintain our compliance posture, and facilitate the thoughtful and secure adoption of AI tools across the company. This is an experienced individual contributor role, meaning you will be hands-on with tooling and policy, rather than managing a team.
We are a company that embraces AI, utilizing it in our product and encouraging its use by our team to maximize productivity. We seek an individual who views AI as an opportunity for enablement, not solely as a risk to restrict. You will be instrumental in establishing practical guardrails that allow teams to move quickly with AI while ensuring customer data protection and compliance. If your inclination is to prohibit first and inquire later, this role may not be suitable. If you are excited by the challenge of determining how to say, "yes, and here is how we can do it safely," then we encourage you to continue reading.
What We Value
- Pragmatic Security: Focus on tangible risk reduction over absolute perfection, avoiding unnecessary business slowdowns.
- Enablement Over Restriction: Default to a "yes, if..." approach, helping teams adopt tools like AI safely and confidently.
- Ownership and Autonomy: Take full responsibility for your domain and operate independently in a fast-paced environment.
- Clarity and Usability: Develop policies and guidance that are straightforward, practical, and effectively followed by the team.
- Cross-Functional Partnership: Build trust and collaborate effectively across IT, Engineering, Legal, and Go-To-Market (GTM) teams.
- Curiosity and Adaptability: Remain current on evolving threats, particularly those emerging in AI and SaaS environments.
- Calm Under Pressure: Provide structure and clear thinking during security incidents and audits.
- High Standards, Right-Sized: Balance quality with speed and scale solutions appropriately for a growing company.
What You'll Do
- AI Governance & Enablement: Develop and maintain a practical framework for evaluating, approving, and securely deploying AI tools throughout the organization. Assess data exposure risks, establish clear acceptable use guidelines, and empower teams to adopt AI confidently.
- Vulnerability Management: Own the vulnerability management program, including scanning, triaging, coordinating remediation efforts, and tracking resolution across infrastructure, applications, and endpoints.
- Compliance: Support and enhance our compliance posture (SOC 2, ISO 27001), which involves evidence collection, control monitoring, and audit support. Ensure AI usage aligns with regulatory and contractual obligations.
- Incident Response: Lead security incident response activities, investigating alerts, coordinating containment, documenting root causes, and driving continuous improvements.
- Security Tooling: Manage and fine-tune security tooling such as EDR, SIEM/logging, DLP, email security, and identity and access management controls.
- Vendor & Third-Party Risk: Conduct comprehensive security reviews of third-party vendors, SaaS integrations, and AI services, evaluating data handling practices, model training policies, and privacy commitments.
- Policy & Standards: Develop and maintain security policies, standards, and runbooks that are practical and appropriately scaled for our environment, including clear, usable AI usage policies that are genuinely followed.
- Application Security Partnership: Collaborate with Platform Security and Engineering teams on application security topics, providing advice on secure architecture, reviewing configurations, and supporting penetration testing efforts.
- Security Awareness: Drive security awareness initiatives, including phishing simulations, training programs, AI literacy education, and ongoing guidance for the team.
- Threat Intelligence: Monitor and assess emerging threats, including AI-driven attack vectors, and translate them into actionable recommendations for leadership.
What We're Looking For
- 7+ years of experience in information security, cybersecurity, or a related technical discipline.
- A pragmatic, enabling mindset toward AI: you understand the risks but avoid reflexive restrictions. You have critically considered how organizations can responsibly utilize AI tools such as LLMs, coding assistants, and automation.
- Hands-on experience with compliance frameworks (SOC 2, ISO 27001), including experience successfully navigating audits and maintaining healthy controls.
- Strong foundational knowledge of cloud security (AWS, GCP, or similar), endpoint protection, and identity/access management principles.
- Experience with various security tooling, including EDR, SIEM, vulnerability scanners, DLP, and email security platforms.
- A solid understanding of incident response processes and the ability to maintain composure under pressure.
- Familiarity with SaaS environments, remote-first operations, and their associated security challenges.
- Strong written communication skills, capable of crafting clear policies, concise incident reports, and engaging internal communications.
- A self-starter mentality, comfortable working autonomously and effectively prioritizing competing demands.
- Experience evaluating AI/ML tools for data privacy and security risks is a significant advantage.
- Experience in vendor risk assessment and conducting third-party security reviews.
- Security certifications (e.g., CISSP, CISM, CompTIA Security+) are a plus but not mandatory.
Compensation & Benefits
We champion transparency. The starting salary for this role ranges from $151,000 to $170,000 USD (or equivalent in local currency), depending on experience and subject to market rate adjustments. We believe our people are our greatest asset, and we are committed to providing exceptional care. Our inclusive benefits package supports your well-being and growth, offering 100% coverage for medical, dental, vision, mental health, and supplemental insurance premiums for you and your family. We also provide 16 weeks of paid parental leave, unlimited PTO, stipends for remote work and wellness, a dedicated professional development budget, and more. For a comprehensive overview of our benefits, please refer to our full benefits page.
Our Process
Our hiring process is transparent and human-centered, designed to facilitate an informed decision for both parties. It typically includes:
- A 30-minute introductory call with a Recruiter.
- A 45-minute video call with the Hiring Manager.
- Three 30-minute video calls with Cross-Functional Partners (e.g., IT, Compliance, Platform Security).
- A 45-minute Case Study and Review Call with the Team.
All final candidates will be required to complete a background check and employment verifications as part of our pre-employment process.
Customer.io acknowledges the profound impact of systemic injustice on diverse communities. We are committed to leveraging our influence to enhance inclusion and equity within the tech industry. We strive to cultivate an inclusive team culture, implement bias-free hiring practices, and develop community partnerships to expand our global impact.
Please note that Zoom is our exclusive video conferencing platform for virtual interviews (conducted via video, not chat), and all offers will be extended in writing on official Customer.io letterhead. Please exercise vigilance in all job search activities and contact [email protected] with any questions.
Join Us!
Visit our careers page for more insights into why you should join our team! We believe in empathy, transparency, responsibility, and a touch of uniqueness. If what you have read resonates with you, apply now. You can also create a job alert to receive future opportunities from Customer.io directly to your email.
About Customer.io
Customer.io is a flexible customer engagement platform designed to help product led organizations automate personalized messaging across email, SMS, push, and more, powered by first party data.