Head of Security and Compliance

Global+

Magic

Magic is an AI company that is working toward building safe AGI to accelerate humanity’s progress on the world’s most important problems.


Department: Engineering

Employment Type: Full Time

Location: Global+


Description

We are committed to maintaining the highest security standards to protect our data, assets, and personnel. We are seeking a highly skilled and experienced Head of Security and Compliance to develop, implement, and oversee comprehensive security strategies that align with our business goals.


Job Overview:

The Head of Security and Compliance is responsible for designing, implementing, and managing the company’s security plans, covering both physical and cybersecurity measures. This role encompasses cybersecurity, IT infrastructure, compliance, and physical security. It sets the strategic direction for, and drives the implementation of, a security and IT roadmap spanning both in-house development (software engineering) and operations (including remote or contractor work). This role involves overseeing security for a large number of employees across multiple departments and external team members.

Key Responsibilities

  • Develop and implement comprehensive security strategies, policies, and procedures for IT and physical security.
  • Oversee and manage all aspects of IT security, including network security, cybersecurity threats, and data protection.
  • Establish robust protocols for employees and contractors in a remote-work environment, ensuring compliance with data protection standards.
  • Assess security risks and implement mitigation strategies to protect company assets and personnel.
  • Ensure compliance with industry regulations, data protection laws, and company policies.
  • Lead the security incident response process, including investigation, reporting, resolution, business continuity, and disaster recovery planning.
  • Monitor and evaluate the effectiveness of security measures and update policies as needed.
  • Conduct regular security audits, penetration testing, tabletop exercises, and vulnerability assessments.
  • Collaborate with other departments to provide security awareness training for employees. 
  • Develop and deliver security awareness programs that educate and empower employees at all levels.
  • Manage security budgets, resources, and vendor relationships to enhance security infrastructure.
  • Stay up to date with emerging security trends, threats, and technologies.

Skills, Knowledge and Expertise

  • Bachelor’s or Master’s degree in Cybersecurity, Information Technology, or a related field.
  • Minimum of 7-10 years of experience in IT security, risk management, or a related role.
  • Strong knowledge of security frameworks (ISO 27001, NIST, CIS, etc.) and compliance standards (GDPR, HIPAA, SOC 2, etc.).
  • Experience with network security, VPNs, firewalls, encryption, SIEM tools, and incident response.
  • Strong background in endpoint management, MDM (Mobile Device Management), and zero-trust network access.
  • Proven leadership experience with the ability to manage cross-functional teams.
  • Excellent problem-solving, communication, and decision-making skills.
  • Relevant certifications such as CISSP, CISM, CISA, or CEH are preferred.

Benefits


Tags: Audits CEH CISA CISM CISSP Compliance Encryption Firewalls GDPR HIPAA Incident response ISO 27001 IT infrastructure Network security NIST Pentesting Risk management SIEM SOC SOC 2 VPN

Region: Remote/Anywhere
