
Job Overview
Location: UK or Germany
Job Type: Full-time
Category: Cybersecurity
Date Posted: February 28, 2026
Full Job Description
📋 Description
- As an Information Security Officer at Ona Systems, Inc., you will be instrumental in shaping and safeguarding our company's security and compliance landscape. Reporting directly to the Head of Finance & Operations, you will take ownership of our entire security and compliance program. This pivotal role involves building the foundational architecture, implementing robust automations, and establishing the trust infrastructure necessary to facilitate complex partnerships with some of the world's largest and most discerning enterprises.
- You will be a key player in future-proofing Ona's SOC 2 compliance posture, specifically adapting it for the evolving AI era. This includes establishing continuous control monitoring, ensuring audit readiness, architecting our policy framework, and proactively evolving the program as our product offerings and threat models change. Your work will ensure Ona maintains the highest standards of security and operational integrity.
- A significant aspect of your role will be to elevate Ona’s Trust Center, transforming it into a primarily self-serve resource. The goal is to empower our customers by providing them with on-demand answers, thereby accelerating prospect conversion rates and freeing up valuable team cycles that would otherwise be spent addressing frequently asked questions already covered by documentation.
- You will steward GDPR and CCPA compliance across the entire data lifecycle. This involves staying ahead of the dynamic compliance landscape, ensuring Ona's privacy posture not only meets but anticipates regulatory requirements, positioning us as a leader in data protection.
- Driving Identity and Access Management (IAM) towards a zero-touch model is a critical responsibility. You will be expected to manage every incident from initial infrastructure alert through to engineering diagnosis, ensuring swift and effective resolution.
- Furthermore, you will forge a queryable layer across Ona's complete compliance posture. This will enable every internal team to access compliance information without needing to route requests through you, fostering greater autonomy and efficiency across the organization.
- Within your first 30 days, you will have assumed ownership of the SOC 2 program, publishing your strategic plan of attack. This includes detailed control design documentation and sample selection materials, all on track for timely completion. You will also deliver a written assessment detailing how Ona's upcoming product and infrastructure changes will impact the SOC 2 control environment, specifically identifying controls and flagging associated risks.
- You will produce an independent written compliance opinion on a live technical artifact without external support, demonstrating your technical acumen and judgment. Additionally, you will transform external-facing security documentation into a resource that proactively addresses prospect questions before they are even asked. A key deliverable will be the automation of at least one high-leverage compliance process, or the delivery of a sequenced build plan for it, with IAM being a primary candidate for this initiative.
- This role requires a proactive and strategic mindset, treating compliance not as a burden but as a revenue asset. You will leverage your experience to anticipate the needs of highly regulated prospects, ensuring our security posture accelerates rather than hinders complex enterprise deals. Your documentation will be both simple and comprehensive, and you will excel at automating processes to enhance efficiency for everyone.
- You will embrace AI and automation as default tools, viewing manual work as the exception. This includes configuring workflows, writing policies as machine-readable data, and using AI as a thought partner. Your success will be measured by the systems you build and enable, rather than just your calendar. You will be passionate about empowering the wider team to adopt these advanced practices, recognizing automation as the future of work and building compliance frameworks around this vision.
- Technical fluency is paramount. Your background, ideally as a senior software engineer, will allow you to read technical artifacts, form independent judgments, and maintain a strong mental model to understand architectural and product changes and their implications for the threat model without needing constant translation. Your curiosity and ability to find answers will bridge the gap between a security officer and a security engineer.
🎯 Requirements
- Proven experience owning and managing a SOC 2 Type II program end-to-end, including controls, evidence collection, auditor management, and roadmap development.
- Hands-on experience with AWS security, including incident triage and escalation procedures.
- Demonstrated ability to manage identity and access management (IAM) at organizational scale with a strong bias towards automation.
- Experience working with compliance automation tooling such as Vanta, Drata, or equivalent platforms.
- Technical fluency, with the ability to read and understand technical artifacts and form independent judgments, ideally from a software engineering background.
🏖️ Benefits
- Flexible paid time off including holidays that are most meaningful to you.
- Employee-friendly equity terms with extended exercise periods.
- Comprehensive health insurance (country-specific).
- Retirement savings plans (country-specific).
- Wellness allowance to support your well-being.
- Premium work-from-home equipment to ensure a productive environment.
- Regular company off-sites for team building and strategic planning.
About Ona Systems, Inc.
Ona builds open-source data platforms that enable global development and public health organizations to collect, manage, and analyze field information in real-time. The company’s core product, Ona Data, provides mobile data capture, automated quality checks, and dashboards that support monitoring and evaluation of large-scale programs. Ona also offers geospatial mapping tools, FHIR-compliant health information systems, and managed cloud infrastructure, serving partners such as WHO, UNICEF, and national governments to improve outcomes in agriculture, nutrition, and disease surveillance.
