Information Security Officer

Draper, Utah, United States

Who We're Looking For - Information Security Officer

As the Information Security Officer (ISO) at Clearlink, you will be responsible for establishing, maintaining, and continuously improving our organization's information security program. You will ensure that our systems, networks, and data are protected from internal and external threats by designing and implementing security strategies and protocols. The ISO will work closely with leadership and cross-functional teams to align security initiatives with business goals while ensuring compliance with industry regulations and best practices.

The Impact You Will Make

  • Lead the company’s compliance efforts for SOC 2, ISO 27001, and PCI frameworks
  • Apply deep knowledge of security compliance standards to guide implementation and governance
  • Work cross-functionally to ensure appropriate security controls are in place and properly documented
  • Manage brand security requirements to support onboarding of new partners and maintain existing partnerships
  • Respond to security-related due diligence requests, contractual obligations, and regulatory expectations
  • Gather and organize technical evidence needed for compliance and audits
  • Oversee documentation of policies, processes, and controls
  • Lead audit readiness activities and ensure timely execution across departments
  • Develop and implement security strategies: lead the development and implementation of a company-wide information security strategy, aligning it with business objectives.
  • Identify, evaluate, and manage security risks across the organization, and implement measures to mitigate potential threats.
  • Ensure compliance with relevant legal, regulatory, and contractual requirements (e.g., GDPR, ISO 27001, SOC 2, HIPAA). Develop and maintain security policies, standards, and procedures.
  • Design and deliver security awareness programs to educate employees on security risks, policies, and practices.
  • Develop and manage the company’s incident response plan, including detection, containment, mitigation, and post-incident analysis. Lead the investigation of security breaches.
  • Conduct regular security audits, vulnerability assessments, and penetration tests. Work with external auditors to ensure that the company's security program meets required standards.
  • Collaborate with DevOps, IT, and software development teams to integrate security into the development lifecycle (DevSecOps). Ensure security best practices are embedded in infrastructure and application design.
  • Evaluate, deploy, and manage security technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), encryption solutions, and endpoint protection systems.
  • Assess and monitor third-party vendors for security risks and ensure that data security requirements are incorporated into contracts and service level agreements (SLAs).
  • Develop and manage the information security budget, allocating resources efficiently to achieve security objectives.

What You Bring 

  • 5+ years of experience in information security, compliance, or risk management roles
  • Proven experience leading organizations through SOC 2, ISO 27001, and PCI compliance efforts
  • Strong working knowledge of information security frameworks (SOC 2, ISO 27001, PCI-DSS, NIST, etc.) and control implementation
  • Hands-on experience with security audits, evidence collection, and documentation management
  • Familiarity with security tools, cloud environments (e.g., AWS, Azure), and technical controls (e.g., access management, logging, encryption)
  • Extensive experience gathering and managing technical evidence for audits, including working with logs, configurations, and policy documentation, as well as leveraging audit management software and automation tools to streamline evidence collection and compliance tracking
  • Demonstrated ability to collaborate cross-functionally with engineering, 
  • Experience managing external client/partner security requirements, including due diligence processes, security reviews, and contractual obligations
  • Excellent written and verbal communication skills, with the ability to clearly explain security concepts to non-technical stakeholders
  • Strong organizational and project management skills; able to manage multiple initiatives simultaneously
  • Must be proactive, with the initiative and drive to lead security and compliance efforts from the ground up, including identifying needs, setting direction, and executing with minimal oversight
  • Relevant certifications preferred: CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor, or similar

Perks That Set Us Apart

  • 🩺Healthcare: We offer low-cost, competitive health coverage (domestic partners included!) with employer-paid counseling services.
  • 💰Invest in the Future: Enjoy 401(k) matching after just two months of employment, with employer matching starting at ~3%.
  • 🧘‍♀️Lifestyle Spending Stipends: Access an employer-paid spending account for physical, financial, and emotional wellbeing expenses.
  • 🏝️Flexible Time Off: We offer competitive time-off balances that accrue weekly, just like your paycheck. (Yes, we’re paid weekly too!)
  • 👶🏻Parental Leave: We provide 2 weeks of paid parental leave during the first year and up to 6 weeks after one year of employment.
  • ✈️Generous Paid Holidays: Celebrate cultural diversity with flex holidays in addition to our company paid holidays.
  • 🏠Hybrid Work Options: Embrace the flexibility and collaboration of hybrid working. This position will be expected to work in the office 4 days and remotely 1 day a week.
  • 🌎World Class Facility: With onsite restaurants, a 7,000 sqft gym, pickleball & basketball courts, spin class/pilates room, bikes, massages, and so much more.
  • 🛟Comprehensive Life Insurance: Ensure peace of mind with coverage that extends beyond the workplace with employer paid life insurance (including coverage for dependents and spouses).

🤝Employee Resource Groups (ERGs): Join us in fostering connections, celebrating diversity, and providing a supportive community for all.

At Clearlink, we go beyond the basics, ensuring your experience with us is not just professionally fulfilling but personally enriching too.

Interviewing at Clearlink

We know interviews can be stressful. Here are some stages you can expect from a typical interview with Clearlink. 

  • Once your application is submitted, we will review it and be in touch
  • 30-min phone call with the Recruiting Team
  • 30-min - 1 hour interview with the Hiring Manager
  • 30-min - 1 hour interview with a Clearlink Panel

Some interview processes can vary, depending on the role. Your recruiter will give you a role-specific interview process during your first phone call.

Why Work For Us

Since 2001, Clearlink has been dedicated to fostering growth and embracing opportunities. Our mission is to strengthen our workforce to build brands that guide users and customers toward decisions that enhance their lives. We encourage our employees to “Act as an Owner” – to voice their thoughts, share innovative ideas, and authentically bring their whole selves to work. Join us in our forward-thinking and inclusive community, where your expertise, background, and unique perspective are always valued.

Clearlink Partners & Awards: 

  • Partnered with The Period Project for easy access to menstrual hygiene products.
  • Awarded the 2022 Shatter List for breaking glass ceilings in technology.
  • Received the 2023 Women’s Leadership Institute Award, pledging to elevate women’s leadership.

Clearlink Values (CLEAR):

  • Create Community
  • Learn & Grow
  • Embrace Opportunity
  • Act Like An Owner 
  • Respect Every Person

Committed to accessibility, we encourage you to share any accommodation needs during the application or employment process. Your unique strengths matter, and we are dedicated to providing the necessary support for your success at Clearlink.

Tags: Audits Automation AWS Azure CISA CISM CISSP Cloud Compliance DevOps DevSecOps Encryption Firewalls GDPR Governance HIPAA IDS Incident response Intrusion detection IPS ISO 27001 NIST Risk management Security strategy SLAs SOC SOC 2 Strategy

Perks/benefits: Equity / stock options Flex hours Flexible spending account Flex vacation Parental leave

Regions: Remote/Anywhere North America
Country: United States
