Director of Security & IT

📋 Description

• • NetBox Labs Inc. is seeking a visionary and hands-on Director of Security & IT to spearhead the evolution and scaling of security across our innovative product suite, robust platform, cutting-edge AI initiatives, and essential corporate environment. This pivotal leadership role, reporting directly to the Chief Technology Officer (CTO), is designed for an individual who thrives at the intersection of technical depth and strategic vision. You will be instrumental in shaping how we architect, build, and operate secure software, manage secure infrastructure, embrace artificial intelligence responsibly, and maintain a sophisticated internal IT and compliance framework.
• • This position transcends a traditional governance-focused CISO role. Instead, it is a deeply embedded leadership opportunity, working in close collaboration with our engineering teams to define and drive the long-term security trajectory of NetBox Labs. Your mandate will encompass DevSecOps, Product Security, AI Security & Risk Management, and the comprehensive oversight of Corporate IT and Governance, Risk, and Compliance (GRC).
• • **Security Architecture & Platform Strategy:** You will be responsible for defining, implementing, and continuously refining the security architecture that underpins our multi-tenant SaaS platform, our on-premise product offerings, and our distributed agent systems. This includes establishing foundational security design principles for critical areas such as multi-tenant isolation, robust Identity and Access Management (IAM), secure secrets management, and the definition of secure cloud boundaries. A key aspect of this role involves embedding security seamlessly into the daily workflows of our engineering teams through strong, collaborative partnerships with Engineering Directors and Principal Engineers. Furthermore, you will own the overarching governance, risk, and compliance strategy, driving our SOC 2 maturity and ensuring audit readiness.
• • **AI Security & Risk Ownership:** Recognizing the transformative potential and inherent risks of Artificial Intelligence, you will treat AI security as a paramount security domain. You will partner closely with our AI leadership to shape secure AI product strategies from the earliest stages of conception. This involves defining clear guardrails for internal AI usage, establishing data access boundaries, managing vendor risk associated with AI tools, implementing model retention policies, and mitigating prompt leakage risks. A critical focus will be anticipating the evolving impact of AI on privilege models, data routing mechanisms, and the overall attack surface. Your goal will be to ensure that AI adoption enhances our capabilities and leverage without introducing uncontrolled data exposure or security vulnerabilities.
• • **DevSecOps & Security Engineering Leadership:** You will define and champion the integration of security into our core engineering processes. This includes guiding the implementation of security within CI/CD pipelines, infrastructure-as-code practices, identity management systems, secrets management solutions, and software supply chain workflows, all in close partnership with our platform and product engineering teams. You will also guide the design and enhancement of our logging, detection, and response capabilities across both cloud and developer environments. Overseeing penetration testing programs and ensuring that findings lead to durable, impactful engineering improvements will be a key responsibility. As the team grows, you will build and nurture the DevSecOps capability, including the strategic hiring of dedicated engineers focused on security tooling and automation.
• • **Corporate IT & GRC Leadership:** You will directly manage and mentor the IT/InfoSec Manager, fostering the maturation of our corporate IT, governance, risk, and compliance functions. This includes ensuring that endpoint security, vendor access protocols, employee onboarding/offboarding processes, and all internal systems adhere to stringent security standards. A crucial element will be aligning IT operations and compliance processes with the security architecture established for our engineering-driven products.
• • **Cultural Contribution:** At NetBox Labs, we foster a culture of ownership, meticulous attention to detail, and community. We believe in solving problems collaboratively, prioritizing simplicity, and communicating with clarity to ensure team alignment. Your leadership will embody these values, contributing to an environment where innovation and security advance hand-in-hand.