ForgeApply · Job listing
Head of Security & Compliance
Aerospike
Apply in about a minute — without sacrificing quality.
ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.
About this role
Aerospike is the real-time database for mission-critical use cases and workloads, including machine learning, generative, and agentic AI. Aerospike powers millions of transactions per second with millisecond latency, at a fraction of the total cost of ownership compared to other databases.
Global leaders, including Adobe, Airtel, Barclays, Criteo, DBS Bank, Experian, Grab, HDFC Bank, PayPal, Sony Interactive Entertainment, The Trade Desk, and Wayfair, rely on Aerospike for customer 360, fraud detection, real-time bidding, profile stores, recommendation engines, and other use cases.
At Aerospike, we dream big and deliver even bigger. Our mission is to unleash the power of the world’s real-time data with a database built for infinite scale, speed, and sustainability .
To foster strong team alignment and productivity, Bay Area–based team members are expected to work from the office 3 times per week—typically Tuesday through Thursday.
If you're ready to shape the future of data, join us.
Aerospike runs mission-critical, real-time data infrastructure, which means security is core to what we deliver, not a layer on top of it. We're SOC 2 Type II certified today and are hiring a Head of Security & Compliance to mature and scale what's already in place: corporate security, product and application security, and the compliance program behind it. This person builds the internal program the business runs on, protects the company's systems and its customers' data, and stands as the technical authority both the board and our customers rely on. It's a ground-floor role with direct visibility to the executive team and board, and room to grow as the function and the company do.
Key Responsibilities
Corporate Security
• Own endpoint, identity, and network security across a ~300-person, largely remote and hybrid organization
• Manage core security tooling, including SIEM, EDR, and identity and access management, and the vendor relationships behind them
• Run employee security awareness training and phishing simulation programs
• Identify and assess security risks within the organization in real time and implement security measures to mitigate risks
• Own incident response planning and execution for corporate systems, including business continuity and disaster recovery
Product Security
• Define security policies, standards, and procedures aligned with business objectives and industry best practices.
• Partner with engineering in a way that keeps security a natural part of how engineering ships rather than a separate gate
• Own the secure development lifecycle for Aerospike's database and cloud products
• Manage third-party penetration testing and the vulnerability disclosure program
• Own vulnerability management and patching SLAs across the product line, including emerging risks specific to AI infrastructure workloads
Compliance and Governance
• Own SOC 2 Type II and lead the path toward ISO 27001 as the sales pipeline requires it, hiring and managing a compliance lead to run the program day to day
• Respond to customer security questionnaires and support technical due diligence during enterprise procurement
• Conduct regular security assessments and internal/external audits to ensure compliance and effectiveness.
• Own customer-facing incident communication and disclosure when a security event triggers contractual notification obligations
• Maintain the security portion of vendor risk assessments and data processing agreements
• Serve as the primary point of contact for customer security teams during the sales cycle
Leadership
• Manage a team of security and compliance professionals, with a hiring plan tied to company growth
• Own a security risk register and risk appetite framework, and report posture, incident trends, and compliance status against it to executive leadership and the board
• Serve as the primary technical voice on security for executive leadership and customers during procurement, translating risk into terms both audiences can act on
• Own the security budget and prioritize spend against risk
Requirements
• 10-12 years in security roles, with deep, hands-on experience in corporate and product security, including 3-5 years managing a team; a strategic thinker who is still comfortable doing the work directly given the team's current size
• Deep understanding of cloud security architecture and tooling, and familiarity with emerging AI-specific security risk
• Working fluency in compliance frameworks, particularly SOC 2 Type II, sufficient to hire, direct, and evaluate a compliance-focused direct report
• Experience presenting security posture and risk to a board or executive audience
• Track record of partnering with engineering and GTM teams as an enabler
• Experience at a B2B infrastructure or database company preferred, given the technical sophistication of our prospects and customers
Aerospike is an Equal Opportunity Employer. We are committed to providing an environment free from discrimination on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status, or any other basis covered by appropriate law.
Join us at Aerospike and be part of a dynamic team that is shaping the future of data management. Salary Range for California Based Applicants: [$300,000 - $350,000 ](actual compensation will be determined based on experience, location, and other factors permitted by law)
To keep our recruitment pipeline as high-performance as our database, Aerospike uses AI-driven tools to streamline resume reviews, scheduling, and communication. But while we love smart tech, we value human connection even more. AI helps us optimize the process, but real people make 100% of the actual hiring decisions.
Ready to apply to Aerospike?
Apply in about a minuteSimilar jobs
- Head of Security & Compliance — Casca · San Francisco
- Head of Security and Compliance — Gimlet · San Francisco
- Director, Security & Compliance — Instabase · San Francisco, CA
- Senior Manager, Security Compliance — Gitlab · Remote
- Head of Security — Tatari · San Francisco, California, United States
- Head of Security — Tatari · New York, New York, United States
- Head of Security — Tatari · Los Angeles, California, United States
- Head of Security — Parallel · San Francisco or Palo Alto