Code and Theory is a digital-first creative agency that sits at the center of creativity and technology.
Associate Director, Security & Compliance
Location
United States
Posted
73 days ago
Salary
$140K - $175K / year
Seniority
Lead
Job Description
Associate Director, Security & Compliance
Code and Theory
Role Description We are seeking an Associate Director, Security & Compliance to lead security, privacy, and compliance for our SaaS products and the client projects we deliver as an agency. You will own this capability end to end, from new business through implementation, certification, and ongoing monitoring. This role is central to how we win and deliver projects, protect client and company data, and earn trust through clear, high quality security and privacy practices. You will be responsible for audit readiness, ensuring applicable privacy requirements are met, and establishing the standards, processes, and tooling needed to run an effective security and privacy program. The Machine is Stagwell’s AI orchestration platform powering creative and strategic work across the Stagwell network. It unites data, AI, and human insight to help marketers collaborate better, produce more effective work, and act faster. The Machine team operates at the intersection of product, engineering, design, and strategy, building tools that make agencies and brands smarter. Qualifications - 8+ years of progressive experience in information security, including leadership in SaaS and/or professional services environments - Strong understanding of modern application and cloud security fundamentals (identity and access, encryption and key management, logging and monitoring, vulnerability management) - Demonstrated ownership of SOC 2 Type II and ISO 27001 programs from readiness through steady state operations - Strong working knowledge of privacy requirements and practices, including HIPAA, GDPR, and CCPA/CPRA, and experience operationalizing privacy controls in product and client delivery contexts - Experience building security and privacy processes that work in real delivery environments - Clear communication skills, able to represent security and privacy with internal teams, auditors, and client stakeholders with differing levels of technical fluency - Comfort operating across a geographically dispersed organization and coordinating work across time zones Requirements - Lead our security program across SaaS products and client projects, setting strategy, priorities, and measurable outcomes - Lead SOC 2 Type II, ISO 27001, and ISO 42001 readiness and ongoing compliance, including control design, evidence processes, and auditor coordination. Own ISMS and AI governance documentation and oversight - Lead privacy governance and operational practices, ensuring compliance with applicable requirements including HIPAA, GDPR, and CCPA/CPRA, and addressing data handling, contractual privacy terms, and privacy by design expectations - Partner with delivery teams to embed security and privacy into how we build, with clear expectations, practical review gates, and patterns for common risks (identity, access, data handling, multi-tenancy, logging, and auditability) - Establish a repeatable client engagement security plan for client work (environment segregation, access provisioning and deprovisioning, client data handling, incident coordination, and delivery requirements) - Lead vendor security reviews, including due diligence for critical providers, remediation tracking, and ongoing monitoring - Support customer assurance efforts including security questionnaires, RFPs, client security reviews, and maintaining trust artifacts and standard responses - Maintain an incident response program (playbooks, escalation, exercises) and drive post incident improvements - Build a security and privacy culture through clear guidance, lightweight training, and day to day partnership with teams Benefits - The target range of base compensation for this role is $140,000 - $175,000. Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, and location.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Senior Software Engineer – Application Security
BackblazeBackblaze is the cloud storage innovator delivering a modern alternative to traditional cloud providers.
• Improve application security across software used to enable Backblaze B2 Cloud Storage and Computer Backup • Build security into how the product is used, how data is stored and how customers can use it • Leverage AI tools and software for building new and maintaining existing software security features • Perform security assessments and code reviews on internal and external customer-facing applications • Work closely with engineers to remediate security vulnerabilities using AI tools • Develop security automation and tooling to improve security • Support bug bounty program and vulnerability handling
Senior Product Security Engineer
MongoDBMongoDB, originally called 10gen, is a software development company. Since 2007, MongoDB has created an open-source, document-oriented database to help clients
Role Description Want to secure the future of data management and AI/ML? At MongoDB we are transforming industries and empowering developers to build amazing AI/ML-powered apps that people and enterprises use every day. We are the leading modern data platform and the first database provider to IPO in over 20 years. Overall, the worldwide data management software market is massive (IDC forecasts it to be $138 billion by 2026!). Join our team and be at the forefront of innovation and creativity. With a strong security engineering background, you’re looking for a role that gives you the freedom to increase MongoDB’s resonance with customers by strengthening our core database products. You’re passionate about solving hard security engineering problems while putting a strong emphasis on customer experience, leveraging your own significant experience. You enjoy collaborating with different teams to innovate and implement pragmatic solutions. Responsibilities - Take ownership, define strategy, and drive improvement for parts of our program such as fuzzing, threat modeling, secrets management, or container security. - Advocate for and lead complex security projects from inception through completion. - Drive architecture, patterns, and processes across Server Engineering that make security the easiest path. - Partner closely with engineering teams to design and implement security controls across our software and systems. - Research and POC new attacks against our systems. Plan and perform product security assessments including architecture review, threat modeling, code review, pen testing, and general security consulting to proactively build security controls. - Serve as a security subject matter expert for software security and architecture. - Educate the engineering org on security through CTFs, lunch-and-learns, and one-on-one mentorship. Qualifications - 7+ years of experience in application security, software security, or product security. - Proven experience in C++ programming, performing security assessments on low-level codebases, and implementing remediation strategies for memory-related security flaws such as buffer overflows and memory leaks. - Programming experience and ability to contribute code back to our environments. - A strong track record of partnering with software engineers: leading threat models, performing security design reviews, and developing an understanding of their product space to form pragmatic security recommendations and influence their prioritization. - Comfortable communicating complex technical issues in a simple manner that builds trust with a variety of audiences. - Demonstrated ownership of security initiatives, with the ability to deliver results autonomously or collaboratively. - Can work flexible hours occasionally to collaborate with US-based colleagues. Nice to Haves - Subject matter expertise in database security, or data security. - Knowledge of database engines, database internals, or applied cryptography. - Experience contributing or partnering with security researchers to identify vulnerabilities that eventually are published CVEs or administrative responsibilities of a CNA. Success in this role means - Seeing projects through from conception to completion in order to deliver new services or capabilities for the team. - Establishing yourself as a go-to person for discussing security topics. Company Description MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform—the most widely available, globally distributed database on the market—helps organizations modernize legacy workloads, embrace innovation, and unleash AI. - Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure. - With offices worldwide and nearly 60,000 customers—including 75% of the Fortune 100 and AI-native startups—relying on MongoDB for their most important applications, we’re powering the next era of software. - Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. - To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. - From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys.
Junior Security Questionnaire, Compliance Analyst
OpsArmyScreen top international talent, onboard, run payroll, and manage performance.
• Review and complete customer security questionnaires (e.g., SIG, CAIQ, VSA, and custom formats) with high accuracy • Assist with security-related sections of RFPs and RFIs, ensuring responses are clear, consistent, and submitted on time • Partner with Sales, Legal, Engineering, Product, and Security to gather and confirm required information • Maintain a centralized, up-to-date repository of security documentation, FAQs, and standard responses • Learn and document security controls, processes, and certifications (e.g., SOC 2, ISO 27001) • Support follow-up security reviews by tracking questions, clarifications, and approvals • Help build templates, checklists, and lightweight processes to improve future response efficiency
• Design, implement, and maintain AWS-focused cloud security architecture aligned with HIPAA, NIST, and HITRUST. • Secure AWS environments using IAM, Organizations, CloudTrail, Config, GuardDuty, Security Hub, KMS, and network security controls. • Build, review, and maintain Infrastructure-as-Code using Terraform, ensuring security controls are versioned, auditable, and enforced by default. • Develop secure Terraform modules, guardrails, and policy-as-code to prevent misconfiguration and drift. • Partner with Development and CloudOps teams to implement DevSecOps practices, including CI/CD pipeline security and IaC scanning. • Establish and manage identity and access standards across AWS and Microsoft Entra. • Support SOC 2 Type II, HITRUST, HIPAA, and PCI audits with a focus on cloud control evidence. • Monitor cloud environments, triage security events, and respond to incidents in partnership with the MSP. • Maintain documentation related to cloud security architecture, IaC standards, and incident response. • Provide security mentorship and cloud security expertise across the organization.




