Who We Are:
Nacelle was built for technology-forward merchants drawn to the benefits of a headless architecture but dissatisfied with the costs and complexity associated with adoption. Leaders at FTD.com, Boll & Branch, and Thinx use Nacelle to eliminate the typical maintenance costs and infrastructure complexities related to going headless while accelerating their time-to-market. Unlike traditional commerce solutions, our product is built on event-driven and elastic core technology optimized for flexibility, performance, and customization.
Nacelle is an early-stage, venture-backed, fully remote company. We recently closed our Series B round for $50m; our institutional investors include Tiger Global, Index Ventures, Inovia and more. We have also raised from notable industry angels, including leaders from Shopify Plus, Attentive, and Klaviyo.
The Role & Team:
We are seeking a seasoned Director of IT Security & Compliance. As Nacelle’s first security team member, you will lead us in building out our data protection, risk management, and compliance testing best practices. In this role you will be hands-on in taking our organization through various compliance initiatives and risk assessments, including SOC 2 and ISO 27001. This person must be a self-starter and used to a fast-paced, energetic environment. They are comfortable dealing with ambiguity.
This role will report directly to the VP of Operations and work closely with technical groups to ensure all infrastructure needs are met and fully implemented as necessary.
- Develop KPIs and provide regular reporting on security and risk health
- Collaborate with engineering and operations teams to ensure system design and architecture meet standards for the latest information and privacy regulations
- Write policies, procedures, and controls
- Create and manage information security and privacy awareness training programs
- Coordinate tasks to complete third party assessments
- Manage annual audit processes
- Respond to security questionnaires from prospective and current customers
- Oversee internal IT including MDM, account provisioning, etc.
Skills & Qualifications:
- 5-7 years of IT experience in risk management, information security and information technology
- 3+ years as a people manager
- At least 1 year of experience overseeing compliance at a fast-growing SaaS company
- Significant knowledge of common information security management frameworks and past participation in both initial certification and renewal of one or more of the following: ISO/IEC 27001, SOC 2/SSAE 16, PCI DSS, GDPR, etc.
- Knowledge of cyber threats and vulnerabilities
- Proven track record in developing information security policies and procedures
- Proven track record and experience working with stakeholders to develop, monitor, prevent and/or detect deviations from security policies
- Ability to assess security areas, identify risks, and propose and implement initiatives to address them
Nice to Have:
- Remote work experience
- Venture-backed startup experience
Benefits & Perks:
- Robust health benefits packages
- Full support for remote work, including a stipend for getting your home workspace set up
- Home internet plan paid for monthly
- Unlimited PTO
- Learning and development fund
- An extremely enthusiastic team that appreciates collaboration