Customer.io
Information Security Specialist
Customer.io
$151k - $170k
Worldwide (Remote)
Apply Now ->
Cybersecurity

Information Security Specialist

Overview

Customer.io powers automated communication that people actually want to receive. We help teams send smarter, more relevant messages using real-time behavioral data.

Job Description

As our first dedicated InfoSec hire, you'll be the go-to person for securing our organizational systems, data, and operations across a globally distributed, remote-first company.

Responsibilities

  • - Develop and maintain a practical framework for evaluating, approving, and securely deploying AI tools across the organization.
  • - Own our vulnerability management program β€” scanning, triaging, coordinating remediation, and tracking resolution across infrastructure, applications, and endpoints.
  • - Support and improve our compliance posture (SOC 2, ISO 27001), including evidence collection, control monitoring, and audit support.
  • - Lead security incident response β€” investigate alerts, coordinate containment, document root causes, and drive improvements.
  • - Manage and tune security tooling (EDR, SIEM/logging, DLP, email security, identity and access management controls).
  • - Conduct security reviews of third-party vendors, SaaS integrations, and AI services β€” evaluating data handling, model training policies, and privacy commitments.
  • - Develop and maintain security policies, standards, and runbooks that are practical and right-sized for our environment.
  • - Partner with Platform Security and Engineering on application security topics β€” advising on secure architecture, reviewing configurations, and supporting penetration testing efforts.
  • - Drive security awareness initiatives β€” phishing simulations, training programs, AI literacy education, and ongoing guidance for the team.
  • - Monitor and assess emerging threats (including AI-driven attack vectors), and translate them into actionable recommendations for leadership.

Required Skills

  • - 4+ years of experience in information security, cybersecurity, or a related technical discipline.
  • - A pragmatic, enabling mindset toward AI β€” you understand the risks but you're not reflexively restrictive.
  • - Hands-on experience with compliance frameworks (SOC 2, ISO 27001) β€” you've been through audits and know how to keep controls healthy.
  • - Strong knowledge of cloud security fundamentals (AWS, GCP, or similar), endpoint protection, and identity/access management.
  • - Experience with security tooling β€” EDR, SIEM, vulnerability scanners, DLP, and email security platforms.
  • - Solid understanding of incident response processes and the ability to stay calm under pressure.
  • - Familiarity with SaaS environments, remote-first operations, and the security challenges that come with them.
  • - Strong written communication skills β€” you can write a clear policy, a concise incident report, and a Slack message that people actually read.
  • - Self-starter mentality β€” you're comfortable working autonomously and prioritizing across competing demands.
  • - Experience evaluating AI/ML tools for data privacy and security risks is a strong plus.
  • - Experience in vendor risk assessment and third-party security reviews.
  • - Security certifications (CISSP, CISM, CompTIA Security+, or similar) are a plus but not required.

Benefits

  • - 100% coverage of medical, dental, vision, mental health, and supplemental insurance premiums for you and your family.
  • - 16 weeks paid parental leave.
  • - Unlimited PTO.
  • - Stipends for remote work and wellness.
  • - A professional development budget.
Apply Now ->

About the company

Customer.io

Fueled by first-party data, create personalized journeys across all channels with our customer engagement platform.


All Job Openings at Customer.io