Director of Information Security
Amsterdam office
Stream
Scalable & fast API for building social networks, activity feeds, activity streams and chat apps.
We're growing fast and scaling globally, and we’re looking for a hands-on Director of Information Security to lead the initiatives on security, privacy, and compliance.
This role is perfect for someone who thrives in a high-impact environment — you'll be rolling up your sleeves to build and run security controls, steer our compliance roadmap (think SOC 2, ISO 27001, GDPR, HIPAA), and jump in with sales and legal to tackle tough questions around risk and liability. It’s a mix of strategy and deep tech execution, right at the heart of how we ship and scale safely.
What will you work on
Security Strategy & Leadership:
You’ll own and drive our security strategy aligned with Stream's business objectives and product roadmap.
Advise executive leadership on security risks and investments, ensuring informed decision-making.
Champion a security-first mindset across the team by educating, empowering, and collaborating at every level.
Compliance, Risk & Governance:
Oversee Stream's Information Security Management System (ISMS), maintaining certifications such as ISO 27001, SOC 2 Type II, and Data Privacy Framework (DPF).
Ensure compliance with global privacy regulations, including GDPR, HIPAA, and the upcoming AI Act.
Engineering & Architecture Collaboration:
Partner with Engineering, DevOps, and Product teams to embed security into system design and cloud architecture (primarily AWS).
Provide guidance on threat modeling, vulnerability management, and secure software development lifecycle (SSDLC) processes.
You’ll lead incident response planning and execution, ensuring swift and effective handling of security events.
Customer Trust & Commercial Support:
Be our go-to expert when customers have security questions or audit requests.
Working closely with Legal and Sales, you’ll help shape contracts, handle security reviews, and build trust with prospects.
You’ll also make sure we’re meeting all our contractual security and privacy obligations.
Vendor & Third-Party Oversight:
You’ll keep an eye on the ecosystem around us—owning the process for vetting and monitoring third-party tools and partners. From onboarding to regular assessments, you’ll make sure everyone we rely on meets the bar for security.
About You
10+ years in information security, with 5+ years in a leadership role within B2B SaaS or API-centric companies.
Proven experience building and scaling security programs in fast-paced, high-growth environments.
Deep understanding of security frameworks (ISO 27001, SOC 2, NIST) and privacy laws (GDPR, HIPAA).
Familiarity with cloud-native environments, especially AWS, and modern DevOps practices.
Excellent communication skills, capable of translating complex security concepts for diverse audiences.
Track record of successful audit preparations, governance, risk management, and compliance operations.
Bonus points
Startup experience
Experience with compliance automation platforms like Drata, Sprinto, or Vanta.
Background in developer-focused or API companies.
Knowledge of product privacy design and integration into development lifecycles.
Experience leading incident response in real-world scenarios.
What makes this role exciting?
You'll guard the data of 1.5 billion users.
This role spans strategic, technical, architectural, product, governance and compliance aspects, with the service being offered in multiple locations worldwide.
Why join Stream?
History of success. From Amsterdam to Boulder and Techstars in-between, Stream has raised over $58.25M to build the best Chat Messaging & Activity Feed infrastructure available, with best-in-class support.
Freedom and endless growth opportunities. As a rapidly growing startup (since 2020 we have gone from 30 to 150 employees), Stream gives you unique personal and professional growth opportunities. The opportunity of true ownership and accountability has a massive impact on your career. These are the things you can rarely experience in huge corporations.
Be on the front line of progress and innovation. While working with cutting-edge technology, we are passionate about tackling difficult tech problems at scale and creating reusable components for them, empowering engineering teams to ship apps faster, more securely, and with a better user experience.
They believe in us: Stream is backed by leading VC companies (Felicis Ventures, GGV Capital, 01.Advisors, Techstars, Arthur Ventures), including backers like Dick Costolo (01 Advisors, ex-CEO of Twitter), Olivier Pomel (CEO of Datadog), Tom Preston-Werner (Co-Founder of GitHub), Nicolas Dessaigne (Co-Founder of Algolia), Johnny Boufarhat (Founder and CEO of Hopin).
What we have to offer you
Stream employees enjoy some of the best job benefits in the industry:
A team of exceptional engineers
The chance to work on OSS projects
28 days paid time off plus paid Dutch holidays
Company equity
A pension scheme
Hybrid work flexibility (3 days in-office)
A Learning and Development budget
Commute coverage: NS business card or a company bike
Fitness stipend
Bi-weekly in-office chair massages by a professional
MacBook Pro and peripherals provided
Healthy catered team lunches and plenty of snacks
A generous relocation package, visa sponsorship and 30% ruling support
An office in the heart of Amsterdam
The opportunity to attend or present at global conferences and meetups
The possibility to visit our office in Boulder, CO
Note: this list of job benefits applies to Netherlands-based employees and is adjusted per your location of residence.
Our culture
Stream has a casual social culture; our team is diverse, and we all have different backgrounds. Today, Stream is a team of 130+ peers from over 35 countries across the globe.
We value transparency, aim for excellence, and support each other on our way to new victories.
Our team consists of the strongest talents worldwide, making Stream a great place to learn and improve your skills.
When it comes to software engineering jobs, our culture is oriented towards ownership and quality: our goal is to deliver stable software.
If you are interested in becoming a part of what we do, apply for this vacancy now!
Hybrid office policy: applicants based in (or relocating to) one of our office locations are expected to work according to the applicable local office attendance policy.
Equal opportunity employer statement: Stream provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Note for external recruiters: We currently have this role covered and do not accept unsolicited agency resumes. We are not responsible for any fees related to unsolicited resumes.