Job Description

Description

We're looking for someone great to lead critical work in Security & Compliance!

Your primary task is to strengthen our security processes and keep our agency and our clients safe. You will take extreme amounts of initiative and enthusiasm to get things done. To do this, you should have a natural curiosity to research, experiment and reach out to the right people.

We're looking for someone who is driven to build comprehensive security systems, but also practical enough to understand real-world constraints and create resilient safeguards when the ideal setup isn't immediately available. Strong problem-solving is a must. You should be able to break down complex security issues into manageable components and execute them flawlessly.

You will be responsible for communicating with internal teams, clients, and vendors to win buy-in, explain risks, enforce compliance, and keep everyone aligned.

Key Responsibilities

Implementing, monitoring, and maintaining endpoint and network security tools (CrowdStrike, MFA, SSO, VPNs, password managers, etc.) Managing user access controls and enforcing security policies across all devices (including BYOD). Conducting vulnerability assessments and coordinating incident response. Reviewing and hardening security configurations for web servers, cloud environments, and third-party integrations. Supporting compliance efforts for ISO 27001, GDPR, SOC 2, and similar frameworks. Creating and maintaining security documentation (policies, procedures, incident response plans). Monitoring system logs and alerts for suspicious activity and responding to events. Running employee security awareness training and phishing simulations. Collaborating with Development and DevOps to ensure secure coding and deployment practices. Coordinating with clients and vendors on security questionnaires, audits, and compliance requirements.

Skills, Knowledge and Expertise

Experience:

2+ years in Endpoint Security Management, particularly for web agencies with a remote, BYOD policy.

Communication:

Strong written and verbal communication skills (you may be asked to complete a live email task during the interview)

Grit:

High persistence and follow-through to ensure people comply with security processes

Clarity:

Ability to clarify vague requests, ask smart questions, and structure security recommendations clearly

Analysis:

Strong analytical and reasoning ability

Benefits

Cutting-edge work in a fast-growing CRO environment where security is mission-critical Permanently remote work environment Full-time position with semi-flexible hours -- must overlap 4 hours with EST (8 AM-12 NN ET) Technology reimbursement (hardware and software support) Company-sponsored training and security certifications 20 days of paid vacation plus holidays Competitive salary

About Spiralyze

Spiralyze is a U.S.-based A/B testing company trusted by leading brands like Pepsi, Netflix, General Electric, CrowdStrike, NBA, Okta, Workday, and American Express Travel. We help businesses turn more website traffic into revenue, with a global team of 180 full-time employees across 20+ countries.

Our process begins with deep research to uncover what's blocking conversions. We translate those insights into high-impact designs, build new web pages, and run A/B tests to measure results. We're growing fast and looking for talented people to join us.