Head of Information Security

### Who you are
- We're not looking for someone who manages security from a distance. We're looking for a practitioner who rolls up their sleeves, builds programs that work well, and earns trust across the engineering org by being someone people want to work with
- You've built and run security programs at a B2B SaaS or cloud company—not just inherited them
- You can walk an engineer through a threat model and walk a CFO through a risk summary—without losing either of them
- You are well versed in compliance frameworks (ISO 27001, SOC 2, HIPAA, GDPR)
- You've managed or mentored a global security team and taken genuine pride in developing the people around you
- You are organized and methodical with strong attention to detail and an ability to analyze and interpret information
- You thrive in ambiguity and build structure where none existed
- Your instinct when something goes wrong is to fix, document, and improve—not assign blame
- You treat security as a conversation with the business, not a monologue at it
- You've started using AI tools to work faster—and you're curious about what that means for the security programs you're building
- 10+ years of combined experience across security management, IT operations, compliance, or consulting
- 3+ years leading or managing a team including information security planning, scheduling, assignment, and monitoring of staff resources in an IT function
- Hands-on experience with audit frameworks: ISO 27001, SOC 2, and/or HIPAA/GDPR
- Background in global B2B technology, SaaS, or cloud-based businesses
- Proven track record managing security incidents end-to-end
- Strong understanding of security and compliance challenges unique to AI/LLMs
- Bachelor's degree in Information Security, Computer Science, MIS, or related field
- There is no such thing as a perfect candidate and the best employees come from a wide range of backgrounds, experiences, and skill sets. Sendbird is a place where everyone can learn and grow. We respect, promote, and encourage diversity for equal employment opportunities and encourage you to apply if this role excites you

### What the job involves
- This reports to the CFO
- You'll lead a high-functioning, mature, and global team located in the United States and South Korea, with end-to-end accountability for Security, IT, and Compliance, ensuring these functions work in harmony to support our global scale
- You'll inherit a world-class program that's already SOC 2, HIPAA, ISO 27001, and ISO 42001 compliant
- Your job is to take it further
- You'll own Sendbird's comprehensive information security programs, manage and evolve our compliance frameworks, partner with engineering, and continuously build a security culture that's embedded in how we work — not bolted on as an afterthought
- You'll champion defense-in-depth philosophy, ensuring a multi-layered approach to security that protects our customers, our data, and our reputation
- You'll also own global IT Operations — managing our IT infrastructure, networks, servers, and data, while supporting our expanding use of AI technology across internal systems and how we work
- As the primary executive responsible for safeguarding our AI-first innovation, you'll scale our global internal business systems and maintain our position as the most trusted platform for the world's most demanding enterprises
- You'll lead the team, own how we secure our infrastructure, respond to incidents, and hold our position against an increasingly complex threat landscape
- This is a hands-on builder role — not a talking-head role
- Own the program:
- Maintain and continuously improve Sendbird's information security program—policies, processes, and controls that hold up under scrutiny
- Drive continuous control monitoring to ensure we stay aligned with our chosen audit frameworks
- Translate complex compliance requirements (HIPAA, GDPR, CCPA) into practical, actionable programs
- Evaluate and adopt AI-powered security tooling to stay ahead of a threat landscape that's evolving faster than traditional defenses
- Partner with the business:
- Work directly with the CTO and engineering teams to embed security into the product development lifecycle, not just review it at the end
- Raise risk awareness across business stakeholders without crying wolf or creating friction
- Be the person other teams want to work with—because you solve problems, not just flag them
- Work with senior leaders to ensure our data privacy protocols are appropriate with our use of AI tools
- Lead the team:
- Manage and develop a global lean security team, making sure each hire reflects and advances the goals of the program
- Be a player-coach—this isn't a delegator role. You're in the work
- Respond and improve:
- Establish and maintain incident response protocols that are fast, clear, and practiced—not just documented
- Continuously strengthen the security posture of a platform that never sleeps
- Turn every incident into a lesson. Turn every lesson into a control
- Added Value:
- Security certifications: CISM, CISA, CISSP, or equivalent
- Experience at a global company operating across multiple time zones and regulatory environments
- We're a team of builders and thinkers that refuse to optimize for comfort. We're building the AI agent platform for customer experience—and we intend to own the category

### Benefits
- Be Your Best Self: A generous all-in-one wellness benefit. Use it on anything from workout equipment to hobby gear to gadgets to gaming consoles.
- AI Citizenship: As an AI-first company, we are sponsoring all members with real budget to adopt various AI software to 100x productivity and creativity.
- Generous PTO: In addition to paid holidays, accrued vacation and sick leave, employees get paid volunteer time off, and a good amount of family or paternal leave.
- Rest & Rejuvenate: Take a non PTO day off to enjoy your birthday or just to relax and refresh yourself.