IT & Infrastructure Sr. Security Officer

About Simplifa

We are on a mission to advance financial literacy, transparency, and security for businesses and financial institutions through innovative artificial intelligence, driving sustainable economic growth, informed decision-making, and compliance.

What You'll Do

• Conduct and manage end-to-end IT security operations, including device/endpoint security and identity & access management.
• Perform regular endpoint compliance checks and hardening (disk encryption, OS patching, screen lock, AV/EDR) and enforce remediation.
• Implement and review access controls across GCP IAM, GitHub, databases, and internal tools.
• Own and implement cloud infrastructure security assurance by verifying security baselines (MFA, logging, backups, network exposure) and tracking gaps to closure.
• Maintain audit-ready security evidence for ISO 27001 and enterprise customer requests.
• Lead and coordinate vendor-led penetration tests, including scoping, execution oversight, and remediation tracking.
• Provide high-level oversight of web application security in collaboration with software engineers.
• Manage technical system access during employee onboarding, role changes, and offboarding.
• Make and conduct security design decisions with cost, performance, and operational impact in mind, and influence related teams to adopt it.
• Act as the single security contact for auditors, partners, and banks, escalating risks to the CTO when required.

The Must Have

• Hands-on experience in IT security operations, hardening, endpoint security, or cloud infrastructure security.
• Practical knowledge and implementation of cloud security fundamentals and infrastructure (Google Cloud Platform and Google Workspace preferred). Including but not limited to: IAM, network, firewall, logging, monitoring, container, OS, etc.
• Strong understanding of network security fundamentals (TCP/IP, DNS, routing, firewalls, segmentation).
• Experience managing identity and access controls (IAM, GitHub, Databases, third parties system).
• Ability to organize, maintain, and explain audit-ready security evidence documentation.
• Experience leading, coordinating, or supporting vendor-led penetration tests.
• Comfortable working independently as the sole security owner, with strong follow-through with related parties.
• Clear communication skills for technical and non-technical stakeholders.
• Experience supporting security audits or compliance (ISO 27001 preferred).