Head of Security

About the Role: Head of Security at Ashby

I’m Abhik, Ashby’s Co-Founder and VP of Engineering, and I’m looking for a knowledgeable, collaborative, and creative leader to scale our security program and build out our security team as our new Head of Security. You will inherit a good, nascent security program that I started and our former Head of Security & IT improved. Your mission will be to scale this program and team through our next phase of high growth.

Ashby builds powerful and easy-to-use recruiting software, replacing multiple venture-backed products, often with a superior experience. We serve notable customers like Notion, Linear, Shopify, and Snowflake, boasting tens of millions in ARR, thousands of customers (including Enterprise), over 120% year-over-year growth, very low churn, and many years of runway.

Due to our success, Ashby manages a significant amount of sensitive information and PII (personally identifiable information) for candidates and customers, a volume that is only increasing as the product expands. This presents fascinating security challenges that you will lead and solve in collaboration with other departments.

Key Challenges & Responsibilities

Your immediate challenge will be to build out the security team and scale our existing program. While it has been a team of one, we've implemented automations (e.g., one-click offboarding) and services (e.g., SecurityPal), and other departments (e.g., Support triages security@) assist with routine work. Initially, you’ll need to be a hands-on security generalist. By year-end, you will have expanded the team (1-3 individuals), processes, and automation to offload routine tasks.

Other key challenges include:

• Navigating LLMs and AI: Adopt new technologies at startup speed while establishing robust security and privacy controls. You’ll collaborate with IT and leadership to build policies, processes, and systems for rapid departmental adoption.
• Countering Recruiting Industry Threats: Lend expertise to Product and Engineering to develop in-product counters for mass bot applications and fraudulent candidates. You'll also work with customers and the industry to build external strategies.
• Managing Sensitive Data Risk: Address risks associated with expanding into people workflows and capturing more sensitive data, without hindering customer support. Partner with Engineering, IT, and Customer Support to create tools, integrations, and safeguards for practicing least privilege through smart automations.

What We're Looking For

Most importantly, we seek a collaborative leader who approaches security from a first-principles perspective. Unlike teams that blindly follow norms or aim for zero risk at the expense of velocity, you will identify, expose, and educate on risk, then collaborate to determine optimal mitigation or compromise, always prioritizing business objectives and objectivity.

Secondly, you should excel at building high-quality, scalable processes. You can step back from hands-on work to identify needs for new processes or playbooks. You are technically proficient enough to identify automation opportunities and either build them yourself or partner with IT and Engineering teams.

Finally, excellent internal and external communication is essential. Customers need confidence in Ashby's data security, which you'll achieve through robust security practices, empathetic documentation, and one-on-one meetings with larger customers' security teams. Internally, your communication will influence over 250 people, guiding opinions, prioritizing security, and fostering strong security awareness.

Ideal candidates will have experience as a Head of Security at a startup, having built a security program from the ground up and overseen its scaling. A background in Engineering is exceptional but not required.

Why You Might Not Be a Fit

• You have no experience managing information security personnel; this role involves building a team (1-3 hires) within the first year, and we lack the bandwidth for management coaching.
• You've only been a line or middle manager; this role requires setting the strategy and roadmap for our security program and posture.
• You haven't managed a security program at our scale (thousands of customers, hundreds of employees); expertise is needed to navigate the security concerns of our growth.
• You don't enjoy interacting with other departments, customers, or the broader industry; you are the face of Ashby Security.
• You don't view security as a customer-service function; we believe security should be an enabler through education, challenge, and delight.

Key skills/competency

• Security Program Management
• Risk Management
• Information Security
• Application Security (AppSec)
• Governance, Risk, and Compliance (GRC)
• Data Security
• Security Automation
• Team Leadership
• Cross-functional Collaboration
• Strategic Planning