GuidePoint Security

Founded in 2011 and headquartered in Herndon, Virginia, GuidePoint Security furnishes commercial and federal organizations with customized information security

AI Security Engineer

Location

District Of Columbia | New Jersey | North Carolina | Maryland | Pennsylvania | Virginia

Posted

2 days ago

Salary

0

Seniority

Senior

Bachelor Degree | 5 yrs exp | English | AWS | Azure | Cloud | Python

Job Description

  • Advise on and assess the security posture of AI/ML systems, including LLMs, GenAI pipelines, and model serving infrastructure
  • Lead threat modeling exercises specific to AI workloads
  • Advise internal teams on securely integrating SaaS AI services and APIs
  • Evaluate and recommend controls for data ingestion pipelines, RAG architectures, and vector databases
  • Serve as a trusted security advisor bridging business stakeholders, AI/ML engineers, IT operations, and information security teams
  • Continuously track emerging AI security research, adversarial techniques, regulatory developments, and vendor security advisories
  • Produce and maintain security architecture documentation, risk assessments, control frameworks, and guidelines tailored to the organization's AI environment
  • Contribute to the development of a long-term AI security strategy
  • Develop and deliver training and awareness content for technical and non-technical stakeholders on AI-specific risks

Job Requirements

  • 5+ years of experience in security engineering with a significant focus on cloud security and/or AppSec
  • Hands-on experience implementing, managing, securing, and supporting Agentic AI solutions within an enterprise context
  • Familiarity with major cloud service provider AI-focused services such as AWS Bedrock, AWS SageMaker, Azure AI Foundry, or Google Vertex
  • Proficiency in at least one relevant programming language, preferably Python
  • Solid understanding of generative AI concepts, Large Language Models (LLMs), context engineering, agentic tool usage, and foundational AI/ML principles
  • Deep knowledge and real operational experience in the usage of Agentic Coding assistants like Claude Code, Open Code, Cursor, or Codex
  • Strong written and oral communication and interpersonal skills, with the ability to explain complex technical concepts to both technical and non-technical audiences
  • Demonstrated experience applying security principles to AI implementations, including data protection, access controls, and threat modeling for AI systems
  • Understanding of AI-specific security challenges including prompt injection, data poisoning, supply chain security, and model extraction attacks

Benefits

  • Group Medical Insurance options: Zero Deductible PPO Plan
  • Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
  • 12 corporate holidays and a Flexible Time Off (FTO) program
  • Healthy mobile phone and home internet allowance
  • Eligibility for retirement plan after 2 months at open enrollment
  • Pet Benefit Option

More Security Engineer Jobs

CyberSecurity Intern

Element

Human-centered innovation partner, crafting impactful user experiences for government and commercial sectors

Internship | Remote | Team 11-50 | H1B Sponsor

  • Analyze current security systems and practices against NIST CSF requirements.
  • Develop gap analysis documentation
  • Prioritize updates to security policies and procedures to align with NIST CSF.
  • Assist with the implementation of security controls using Mosyle, Microsoft Intune, AWS and GCP based on framework requirements.
  • Assist in developing monitoring and alerting in Datadog
  • Develop automation for implemented security controls.
  • Create compliance tracking documentation.
  • Prepare executive summary reports on improvements and future roadmap.

Maryland
$18 - $20 / hour

Director, AI Enablement & Security

Bloomreach

Bloomreach is a computer software company that is on a mission to empower its clients to seamlessly personalize their customer experience and, in turn, successf

Role Description

As Bloomreach pioneers the future of AI-driven e-commerce, driving safe, efficient, and rapid AI adoption across our entire global enterprise is paramount. We are seeking a Director, AI Enablement & Security to join our Global Information Security and Technology (GIST) leadership team. This is a high-visibility leadership role demanding a rare blend of strategic business acumen and deep engineering leadership. Your primary mandate is to maximize Bloomreach's organizational velocity through AI adoption, while ensuring the necessary security controls, financial oversight, and compliance guardrails remain firmly in place.

You will directly manage and scale high-performing teams of AI, IT, and Security engineers who build the core infrastructure, making enterprise AI adoption possible. Serving as the central operational bridge across all departments - from Go-To-Market (GTM) and Product/R&D to HR, Finance, and Legal - you will work hand-in-hand with our GRC team, Legal, and the Data Protection Officer (DPO) to deliver frictionless, secure technical enablement.

Key Responsibilities

Cross-Departmental AI Strategy & Enablement

  • Partner with leadership across all business units (Marketing, Sales, Customer Success, HR, Product) to identify, prioritize, and safely accelerate AI use cases that drive productivity and operational velocity.
  • Chair or co-lead a cross-functional AI Governance Committee to align product, corporate, legal, and financial stakeholders on global AI initiatives.
  • Design and champion a company-wide AI readiness and safety education strategy to raise the technical and risk-awareness baseline across Bloomreach.

Leadership & People Management

  • Lead, mentor, and resource teams across three distinct technical domains: Information Security, IT, and AI enablement.
  • Translate broad, cross-departmental business needs into concrete technical roadmaps for your teams, ensuring corporate infrastructure and production safety scale alongside company growth.

AI Governance, Risk & FinOps

  • Partner closely with the GRC team, Legal, and the DPO to integrate AI-specific vulnerabilities and compliance requirements (e.g., EU AI Act, NIST AI RMF) into the overarching Enterprise Risk Management framework without stalling business velocity.
  • Architect and own the enterprise AI FinOps framework alongside Finance. Direct your teams to build the technical tracking required to monitor, forecast, and optimize enterprise-wide AI spend, vendor costs, and LLM API consumption across all departments.
  • Oversee the technical evaluation and continuous risk profiling for all third-party AI platforms and integrated business tools used across the company.

AI Security & Infrastructure

  • Establish the technical security standards and risk-appetite frameworks for both internal corporate AI usage and production-grade AI features (e.g., Loomi AI).
  • Guide IT and Security engineers in deploying automated technical controls to prevent corporate data leakage and mitigate risks.

Qualifications

  • 10+ years of experience in Information Security, IT, or Infrastructure Engineering, with 5+ years of experience managing and scaling multiple teams (IT, Security, and/or AI/Software Engineering).
  • A proven track record of driving rapid technology adoption and change management across diverse business units while successfully maintaining rigorous corporate guardrails.
  • Exceptional ability to build relationships and work seamlessly across all enterprise departments - from Go-To-Market and Product/R&D to Finance, GRC, Legal, and the DPO.
  • Deep conceptual and architectural understanding of modern AI systems (LLMs, MLOps, RAG, vector databases) and enterprise IT/Security infrastructure.
  • Elite communication skills - the ability to translate highly technical engineering concepts into business-impact narratives and clear, data-driven presentations for C-suite executives.

Preferred Qualifications

  • Experience leading security or engineering initiatives in a global SaaS, B2B, or e-commerce personalization company.
  • Advanced credentials such as IAPP Certified Artificial Intelligence Governance Professional (AIGP), CISM, or similar executive-level certifications.

Benefits

  • Health care including medical, dental, and vision insurance.
  • 401k Plan with employer contribution.
  • Restricted Stock Units or Stock Options depending on role, seniority, and location.
  • Participation in the company's success through the company performance bonus.
  • Employee referral bonus of up to $3,000 paid out immediately after the new hire starts.
  • Extended parental leave up to 26 calendar weeks for Primary Caregivers.
  • 5 paid days off to volunteer.
  • Access to the Employee Assistance Program with counselors for non-work-related challenges.
  • Subscription to Calm - sleep and meditation app.
  • ‘DisConnect’ days where Bloomreachers globally enjoy one additional day off each quarter.
  • Professional education budget of $1,500 annually for education products (books, courses, certifications, etc.).

United States
$200K - $250K / year

Software Engineer, Security

Notion Labs

Notion Labs is a collaboration software startup whose digital platform combines work-related apps into one space accessible to teams across locations. Past flex

Software Engineer, Security

Location: San Francisco, California
Employment Type: Full time
Location Type: Hybrid
Department: Engineering

Overview

Who We Are

Notion is the collaborative AI workspace where teams and agents think together. We're building one place where your knowledge, projects, meetings, and AI tools live side by side, so work is faster, clearer, and less fragmented. Millions of individuals, small teams, and large companies run their work on Notion. Notinos (our employees) are customer zero in bringing this future of work to life. We care about craft, building things that last, and the belief that great work is still fundamentally human. Our goal isn’t to ship the next feature. Each and every team of Notinos is working to set the standard for how humans work together in the AI era. From building a business’s system of record to making and managing AI agents to automating away the busy work, we care deeply about giving our customers more time for their life’s work.

About Us:

Notion helps you build beautiful tools for your life’s work. In today's world of endless apps and tabs, Notion provides one place for teams to get everything done, seamlessly connecting docs, notes, projects, calendar, and email—with AI built in to find answers and automate work. Millions of users, from individuals to large organizations like Toyota, Figma, and OpenAI, love Notion for its flexibility and choose it because it helps them save time and money.

In-person collaboration is essential to Notion's culture. We require all team members to work from our offices on Mondays, Tuesdays, and Thursdays, our designated Anchor Days. Certain teams or positions may require additional in-office workdays.

About the Role:

We are hiring an experienced security engineer with 10+ years of experience to own cross-cutting programs at the intersection of product, infrastructure, and AI. You will be hands-on with core security primitives while coordinating across 5–10+ engineering teams to land multi-quarter changes safely—often in customer-facing, enterprise-critical surfaces (identity, authz, domain posture, and AI agent safety). In this role, you will be the primary owner for key authentication migrations, AI guardrail infrastructure, and authorization platform direction—work that directly unblocks enterprise security commitments, AI-agent launches, and the next milestone in our authz architecture.

What You'll Achieve:

  • Modernize and migrate authentication across Notion’s product surfaces (SAML/OIDC, OAuth flows, session semantics, passkeys, CSP, redirect handling), landing multi-quarter changes with clear rollout plans and minimal customer disruption.
  • Build and operate Notion’s AI safety guardrail stack, including prompt-injection protections (vendor evaluation, deployment model decisions, integration with agents) and an external-source provenance system for AI-generated content across Mail, Calendar, and MCP.
  • Advance our authorization platform direction by driving crisp architectural trade-offs (e.g., SpiceDB vs. Macaroons) and shipping reusable primitives that product teams can adopt without bespoke security work.
  • By day 90: own one P0 security program end-to-end—RFC, rollout plan, partner alignment, execution, and measurable risk reduction—plus ship one piece of AI leverage (e.g., an internal security agent for triage/verification/continuous checks) that improves correctness and reduces time-to-resolution.
  • By end of year 1: raise the bar on security engineering craft by setting clearer standards for secure primitives (auth/authz, provenance, domain posture), improving adoption paths for partner teams, and reducing recurring classes of vulnerabilities through better systems—not heroics.

Skills You'll Need to Bring:

  • Demonstrated ability to ship security-critical infrastructure in production systems (identity/authentication, authorization, platform primitives), including migrations that affect customers and require careful rollout and backwards compatibility.
  • Strong judgment navigating ambiguous trade-offs (security vs. product velocity, correctness vs. ergonomics, centralized platforms vs. local autonomy), with a track record of writing clear RFCs and aligning cross-functional stakeholders.
  • Experience building or operating AI/LLM security protections (e.g., prompt injection, tool/data provenance, policy enforcement) or a clear ability to ramp quickly and lead in an emerging domain.
  • High agency and systems mindset: you proactively find the real constraint, unblock partner teams, and build primitives that compound across the org (not one-off fixes).
  • Comfort mentoring and multiplying others—through intern/project ownership, enablement sessions, and pragmatic security guidance that engineers actually adopt.

We hire talented and passionate people from a variety of backgrounds because we want our global employee base to represent the wide diversity of our customers. If you’re excited about a role but your past experience doesn’t align perfectly with every bullet point listed in the job description, we still encourage you to apply. If you’re a builder at heart, share our company values, and enthusiastic about making software toolmaking ubiquitous, we want to hear from you.

Notion is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Notion considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Notion is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please let your recruiter know.

Notion is committed to providing highly competitive cash compensation, equity, and benefits. The compensation offered for this role will be based on multiple factors such as location, the role’s scope and complexity, and the candidate’s experience and expertise, and may vary from the range provided below. For roles based in San Francisco, the estimated base salary range for this role is $290,000 - $350,000 per year.

By clicking “Submit Application”, I understand and agree that Notion and its affiliates and subsidiaries will collect and process my information in accordance with Notion’s Global Recruiting Privacy Policy.

A Note on AI

You don’t need deep AI expertise for every role, but we do expect every Notino to be intellectually curious, drawn to tinkering and discovery, and excited to use AI as a real collaborator in their work. For some roles, AI fluency is a core requirement — when that’s the case, we'll say so explicitly in the qualifications. People who thrive here don’t treat AI as a novelty. They use it to think better, and make their work easier for others to build on.

Equal Opportunity & Accommodations

We hire talented people from a wide range of backgrounds. If you’re excited about this role but don’t meet every bullet, we still encourage you to apply. Notion is an equal opportunity employer and does not discriminate on the basis of any legally protected characteristic. Consistent with applicable law, we will consider for employment qualified applicants with arrest and conviction records.
Notion provides reasonable accommodations during the application process; if you need one, please let your recruiter know.

California
$290K - $350K / year

Security Consultant

water IT Security & Defense

We make IT Security a Defensive Art - powered by Microsoft

Full Time | Remote | Team 51-200 | H1B No Sponsor

  • As part of our consulting team, you advise companies on effectively implementing their IT security strategy using Microsoft technologies — not just on paper, but in practice.
  • You are involved from the initial requirements analysis through to live operations.
  • You are more than a consultant: you become part of the projects you support and deliver real, measurable value.
  • You analyze business and technical requirements and work with our clients to develop their IT security strategy — from design to implementation.
  • You take projects from A to Z: requirements gathering, implementation, documentation.
  • You work independently and have real scope to shape solutions.
  • You lead workshops for requirements analysis and provide architecture and strategy consulting — acting as the primary contact for clients and sales.
  • You further develop managed services and workshop formats — internally and externally — and actively share your knowledge, optionally including public speaking.
  • You track trends in the security landscape and contribute new ideas for the strategic development of our consulting practice.

Germany
€75.6K - €91.2K / year