← Back to list
Job

Security & Trust Lead (USA Only - 100% Remote)

Security Engineer • Remote • Full-time • 📍 USA - Remote
AWS
About Us Since 2013, we’ve been building a CRM that gets out of your way and helps your team sell more, faster. Now we’re building AI into every part of it, so Close does the busywork and your team does the selling. No manual data entry, no 10-click workflows. Just communication-first, AI-powered sales software designed to help you succeed and scale. We're bootstrapped and profitable, which means we answer to our customers and play by our own rules. We're proud of our 120-person, 100% remote team, focused on building Close so that no small, scaling business fails because it can't figure out sales. About the Role We have 11k+ customers, which means we have a lot of data in our care. Earning and keeping their trust — rigorous security and privacy practices, plus the compliance and audit work that verifies it to customers — has so far been spread across engineering leadership, our founders, and our ops team. It's high time this had a real owner. You'll be the first person at Close whose full-time job is protecting our customers' data and our company: GRC (security governance, risk, and compliance), internal security (identity, devices, access, vendors), incidents, and the customer-facing resources that prove we do this well. Your mandate is to build this like an engineer — automate the evidence, codify the processes, use AI aggressively. We recommend giving grc.engineering a read; this is the mentality we're hiring for. You are A hands-on operator, with 5+ years of building Security & Trust programs. You've personally run security and compliance programs, ideally at a 50–300 person company. You’ve been the one configuring SSO, running access reviews, answering the SOC 2 auditor's questions. Technical enough to know how our systems work. You can reason about SSO/IAM configuration details, trace how customer data flows through third-party tools, and dig through logs (e.g., in Loki) to run down an incident yourself. Automation and efficiency minded. You'll happily grind through manual work when it's needed - screenshotting evidence, searching logs - but you refuse to still be doing it by hand a year later, so you automate it away with scripts, APIs, and AI. AI-positive. You see AI as something to help us adopt faster, not just a risk to manage. Your instinct is to find the safe path to yes and you can tell the difference between exposure and vibes. You will Run our GRC program — then automate it. Vanta day to day (controls, policies, alerts, evidence, vendor reviews), leading our SOC 2 Type 2 audits, annual risk assessments, and evaluating additional frameworks (ISO 27001, HIPAA). Wherever a recurring check, evidence pull, or list (like our GDPR subprocessors) can come from code or an API instead of by hand, make it so. Own how customer data moves through our stack. Audit what flows to third-party tools (and stop what shouldn't), and build a real process for deletion requests across our analytics stack. Be the security gate for new tools and vendors. Confirm SOC 2 status, get the DPA signed, add them in Vanta, update the subprocessor list — with a process that lets the team adopt new tools (AI especially) quickly and safely. Procurement and spend stay with finance/ops; the security and privacy review is yours. Make Close best-in-class at communicating trustworthiness. Own trust.close.com and our security/privacy/GDPR pages, and turn them into the place where customers' security questions can answer themselves. Coordinate product security audits. Run pen tests and audits of our product jointly with Engineering — vendor selection, scoping, and the artifacts we need for customers and partners (e.g., Google OAuth restricted scopes). Engineering fixes what's found; you make sure the audits happen and produce what we need. Investigate and clean up security incidents. When something looks off, you're the one who digs in to run it down and contain it — work that currently falls to Engineering by default. Own our identity and device security. SSO/IAM strategy and configuration, MDM across the fleet, the security side of onboarding/offboarding, and regular access reviews so no one keeps a key they shouldn't. You make the call on where we require SSO and what we'll pay for it. Run our employee security program. Training people actually remember, phishing simulations to keep us honest, and ongoing monitoring (e.g., 1Password Watchtower) with follow-through. What this role is not Product or application security engineering. You'll coordinate audits of our product and drive incident investigations, but you won't ship code to our product, own its architecture, or be responsible for implementing fixes — that belongs to our engineering org. Infrastructure. Our AWS and production infrastructure belong to our DevOps/SRE team. Where your work touches production, you drive the investigation; engineering implements what needs production access. Legal. Privacy policy, DPAs, and legal interpretation of GDPR/CCPA will sit with our legal function. You own the operational side and partner closely with them. Only IT support. You'll help with the occasional IT request — it comes with owning devices, identity, and tooling — but it's a small slice of the job, and you'll automate the routine parts. If helpdesk work is the whole of your background, this isn't the fit. Benefits Compensation: Competitive pay plus an organization-wide goal-based bonus Paid Time Off: ~5 weeks of PTO to start. Plus a 1-week all-company Winter Holiday Break and paid US holidays. You'll earn 2 extra days for every year you're with Close. 80% Work Option: Work with your manager to choose between a standard 5-day week or a 4-day week at 80% pay Parental Leave: Paid leave for primary and secondary caregivers Sabbatical: A 1-month paid sabbatical every 5 years with the team Healthcare (US residents): Two medical plans with Close covering 99% of your premium, plus Dental, Vision, HSA, FSA, and company-paid Long-Term Disability 401k (US residents): We match your contributions up to 6%, vested immediately Our Values Build a house you want to live in - Examine long-term thinking and action No BS - Practice transparency and honesty, especially when it’s hard Invest in each other - Build successful relationships with your coworkers and customers Discipline equals freedom - Keep your word to yourself and others Strive for greatness - Constantly challenge yourself and others Learn More Listen to our CEO and Founder, Steli Efti, tell the story of Close’s journey in the $0-30m Blueprint . Watch our culture video from our 2023 team retreat in Milan. Every year our entire team gathers in person to build connection, foster cross-functional collaboration, and have fun. In 2027, we're headed to Dusseldorf, Germany! Explore our product. Check out a demo ! Our Hiring Process We ask a few role-specific questions as part of our application process. These questions are designed to help us learn more about you from the start, so please answer each one thoughtfully. We see this as an opportunity to get to know you beyond your resume. We use AI tools daily at Close and expect candidates to do the same. In evaluating your application, we aim to get a sense for you - the way you think, how you communicate, the work you've done. Applications that read as fully AI-generated will not be considered. Regardless of fit, you can expect to hear back from our team with an update on the status of your candidacy. If you progress to the interview process, you'll receive a full outline of the role-specific steps in your first touchpoint with us. We do our best to make the hiring process clear and human.

Similar jobs