Home › Companies › UniUni › Information Security Officer
Information Security Officer
UniUni · Canada · Remote · Active · Rippling ATS
Job facts
| Field | Value |
|---|---|
| Company | UniUni |
| Title | Information Security Officer |
| Normalized title | - |
| Department / team | Technology, Product & Design |
| Location | Canada |
| Work model | Remote / Remote |
| Employment type | Full Time |
| Salary | - |
| Status | active |
| ATS provider | Rippling ATS |
| Posted / first seen | 2026-04-28 / 2026-05-29 |
| Changed / last seen | 2026-06-06 / 2026-06-06 |
Related slices
| Page | What it contains | Open |
|---|---|---|
| Company jobs | Active postings from UniUni. | Open |
| Company breakdowns | Role, location, ATS, and work model facets for this company. | Open |
| ATS provider jobs | Active postings observed through Rippling ATS. | Open |
| Provider filtered search | The same provider as a filtered job collection. | Open |
| Department jobs | Active postings in Technology, Product & Design. | Open |
| Work model jobs | Active Remote postings. | Open |
| Lifecycle events | Open, update, close, and reopen events for this posting. | Open |
| Original posting | Canonical source or apply URL captured from the ATS. | Open |
Linked records
| Company | UniUni |
| Source | cda69ecc-4622-4b2d-afc8-27a9620c31e8 |
| ATS provider | Rippling ATS |
Description
company
About UniUni
UniUni is a late-stage last-mile logistics company operating across the United States and Canada. We move millions of parcels for some of the largest e-commerce platforms in North America, and our technology stack is cloud-native, on AWS.
We hold an active ISO 27001 certification and SOC 2 Type II attestation. Security and compliance are not afterthoughts at UniUni; they are central to our enterprise customer commitments, investor expectations, and the trust our drivers, shippers, and partners place in us every day.
role
Role Snapshot
Reports to: Chief Technology & Product Officer (CTPO)
Location: North America (remote with periodic travel to UniUni hubs)
Scope: Worldwide operations with focus on North America
The Role We are hiring an Information Security Officer to lead UniUni's security and governance function end to end. This is a hands-on leadership role reporting directly to the CTPO. You will own the security program across cloud infrastructure, application security, data security and governance, corporate IT, compliance, and risk, and you will be the senior accountable owner for our ISO 27001 certification and SOC 2 Type II attestation.
You will work closely with engineering, platform, IT, legal, and executive leadership, and you will be UniUni's primary security voice in front of customers, auditors, and investors. You will build and lead a small, high-leverage team and set the bar for how security operates as the business scales.
Key Responsibilities
Cloud Security
Set the security posture of our AWS environments, including IAM, network segmentation, encryption, logging, secrets management, and workload protection.
Drive cloud security baselines aligned to CIS Benchmarks and the AWS Well-Architected Security Pillar, and enforce them through infrastructure as code and platform guardrails.
Lead continuous monitoring and threat detection across cloud workloads using native AWS services (GuardDuty, Security Hub, CloudTrail, Config) and complementary third-party tooling.
Run vulnerability management for cloud infrastructure, including patching cadence, remediation SLAs, and exception governance.
Application Security
Embed secure development practices into the SDLC, including threat modeling, secure code review, SAST, DAST, SCA, and secrets scanning in CI/CD.
Partner with engineering leaders to triage and remediate application vulnerabilities without slowing delivery.
Run the open source software program, including license compliance, vulnerability tracking, and remediation.
Manage the external penetration testing program, from scoping and vendor selection through findings triage and remediation verification.
Set and evolve standards for authentication, authorization, session management, and API security across internal and customer-facing applications.
Deliver enterprise SSO (SAML 2.0 and OpenID Connect) for customer-facing products in support of contractual security commitments.
Data Security and Governance
Own the data security program end to end, covering data classification, encryption in transit and at rest, key and secrets management, and protections against unauthorized access, exfiltration, and misuse.
Maintain and evolve the data classification framework across UniUni's regional and shared data warehouse environments, and drive schema-level classification into operational use by engineering and analytics teams.
Govern access to production databases, data warehouses, and analytics platforms, including approval workflows, periodic access reviews, and audit trails.
Implement and operate data loss prevention controls across endpoints, email, SaaS, and cloud storage, calibrated to the sensitivity of the data and the realities of how the business operates.
Set and enforce data residency, retention, and minimization standards in line with customer commitments and regulatory obligations across the jurisdictions in which UniUni operates.
Partner with engineering, data, and product teams on privacy by design, including data flow mapping, data sharing agreements, and the secure handling of personal information for shippers, drivers, and end recipients.
Lead the response to data subject requests, data incidents, and breach notification obligations under applicable privacy laws.
Compliance and Governance
Maintain and continuously improve UniUni's ISO 27001 certification, including surveillance audits, internal audits, risk assessments, and management reviews.
Sustain UniUni's SOC 2 Type II attestation, owning control operation, evidence collection, auditor relationships, and remediation.
Own the information security policy framework, including authoring, approval workflows, annual reviews, and employee attestations.
Operate the risk management program, including the risk register, risk treatment plans, and executive risk reporting.
Lead customer-facing security activities, including security questionnaires, contract reviews, and security clauses in vendor and customer agreements.
Support regulatory compliance efforts relevant to our business, including the DOJ Data Security Program, Canadian PIPEDA, and applicable US state privacy laws.
IT Security and Operations
Partner with IT to operate and mature endpoint security, including EDR, MDM (Intune), disk encryption, and device compliance.
Govern identity and access across SaaS and corporate systems, including SSO adoption, MFA enforcement, privileged access controls, and joiner-mover-leaver processes.
Own the SaaS inventory and run periodic access reviews, with particular attention to shadow IT and uncontrolled data flows.
Lead security awareness training and phishing simulation programs.
Run the incident response program, including the IR plan, tabletop exercises, on-call rotation, and post-incident reviews.
Contribute to business continuity and disaster recovery planning in partnership with engineering and operations.
Leadership and Stakeholder Engagement
Build and lead a small security team, with hiring underway across two tracks: Compliance and GRC, and Application and Platform Security.
Serve as UniUni's senior security voice with customers, prospects, auditors, regulators, and investors.
Report on security program status, KPIs, and risks to the CTPO and the executive team on a regular cadence.
Represent security considerations in cross-functional decisions across product, infrastructure, vendor selection, and business expansion.
Required Qualifications 10+ years in information security, with at least 3 years owning a security program or a major security domain.
Demonstrated ownership of ISO 27001 certification maintenance and SOC 2 audit execution in a cloud-native organization.
Deep hands-on experience securing AWS environments at scale, including IAM, networking, logging, and workload protection.
Strong application security background across secure coding practices, common vulnerability classes, and modern AppSec tooling (SAST, DAST, SCA, secrets scanning).
Demonstrated experience building data security and governance programs, including data classification, encryption, DLP, access governance for data stores, and privacy-aligned data handling.
Practical experience with SAML 2.0 and OpenID Connect, and a track record of rolling out enterprise SSO and MFA.
Experience operating core IT security controls, including EDR, MDM, and SaaS access governance.
Track record of leading incident response, including coordination with engineering, legal, and executive stakeholders.
Ability to translate security risk into business terms for non-technical executives, customers, and investors, in writing and in person.
Preferred Qualifications
Background in logistics, supply chain, or high-volume transactional businesses.
Experience in an organization with worldwide cross-border data flows and a focus on North America.
Familiarity with the DOJ Data Security Program and bulk data transfer rules.
Hands-on experience with the Microsoft security stack (E5, Defender, Entra, Purview, Intune), and the perspective to evaluate it against alternatives such as CrowdStrike.
Relevant certifications such as CISSP, CCSP, CISM, or ISO 27001 Lead Auditor or Lead Implementer.
Prior experience taking a late-stage company through IPO-readiness security maturation.
What You Will Find at UniUni A direct reporting line to the CTPO and regular exposure to the CEO, CFO, and the rest of the executive team.
A security program with real executive commitment, a live ISO 27001 certification, and an active SOC 2 Type II attestation.
Meaningful autonomy to shape the program and the team, balanced by the discipline and cadence of a late-stage operating company.
A growing business with the operational complexity, customer scrutiny, and learning opportunities that come with scale.
How We Work
We value direct, precise, and accurate communication. We prefer honest and defensible language over favorable framing. We write concise documentation, our meeting minutes stand up to auditor review, and we make decisions with our customers and our long-term credibility in mind.
Equal Opportunity
UniUni is an equal opportunity employer. We evaluate candidates on the basis of qualifications, experience, and demonstrated ability, and we do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, age, or any other protected characteristic.
Full job record
| Job ID | 70a2e2a8ae495d2c4186c965d30d1809cb5ca554 |
| Org ID | 262cb4c0-ea94-4203-8e83-dfbc641e7046 |
| Source ID | cda69ecc-4622-4b2d-afc8-27a9620c31e8 |
| Board ID | cda69ecc-4622-4b2d-afc8-27a9620c31e8 |
| Provider | rippling |
| Provider Job Key | 768ce87a-e4dd-4a2f-ad6f-84a9bded3d6b |
| Title | Information Security Officer |
| Normalized Title | — |
| Status | active |
| Active | yes |
| Location Text | Canada |
| Department | Technology, Product & Design |
| Team | — |
| Employment Type | full_time |
| Workplace Type | remote |
| Remote Policy | remote |
| Country | Canada |
| Region | — |
| City | — |
| Salary Raw | — |
| Salary Min | — |
| Salary Max | — |
| Salary Currency | — |
| Salary Period | — |
| Source URL | https://ats.rippling.com/uniuni/jobs/768ce87a-e4dd-4a2f-ad6f-84a9bded3d6b |
| Apply URL | https://ats.rippling.com/uniuni/jobs/768ce87a-e4dd-4a2f-ad6f-84a9bded3d6b |
| First Seen At | 2026-05-29 07:15:35Z |
| Last Seen At | 2026-06-06 08:45:55Z |
| Last Checked At | 2026-06-06 08:45:55Z |
| Last Changed At | 2026-06-06 08:45:55Z |
| Inactive At | — |
| Source Posted At | 2026-04-28 02:24:47Z |
| Source Updated At | — |
| Raw Payload Uri | s3://job-postings-prod-raw-590183727216/raw/provider=rippling/board=uniuni/date=2026-06-06/2026-06-06T08-45-51-996Z-ee38071e54f2b93a80e5cfe1504b68bd9167dc2cc21984a1f536cbe114acb31c.json |
Event Fields
{
"content_hash": "7ef573ce9afeb47388293c813a75277488bb6015d6bb7d5127fc3de97e89ab13",
"source_hash": "01206361050b67ef2d8ab8d8cfd4ab8d118d07e46e485bc2dd85dcf746491f25",
"last_changed_at": "2026-06-06T08:45:55.939Z",
"active_status": "active"
}Parsed Structured
{
"language": "en-us",
"location": {
"raw": "Canada",
"city": null,
"region": null,
"country": "Canada",
"is_remote": true,
"confidence": 0.98,
"workplace_type": "remote"
},
"salary_max": null,
"salary_min": null,
"inferred_at": "2026-06-06T08:45:55.929Z",
"launch_scope": {
"reason": "english_us_canada",
"included": true,
"language": "en-us",
"location": {
"raw": "Canada",
"city": null,
"region": null,
"country": "Canada",
"is_remote": true,
"confidence": 0.98,
"workplace_type": "remote"
},
"countries": [
"Canada"
]
},
"remote_policy": "remote",
"salary_period": null,
"workplace_type": "remote",
"salary_currency": null
}Extensions
{}Native Structured
{
"list_job": {
"id": "768ce87a-e4dd-4a2f-ad6f-84a9bded3d6b",
"url": "https://ats.rippling.com/uniuni/jobs/768ce87a-e4dd-4a2f-ad6f-84a9bded3d6b",
"name": "Information Security Officer",
"language": "en-US",
"locations": [
{
"city": null,
"name": "Canada",
"state": null,
"country": "Canada",
"stateCode": null,
"countryCode": "CA",
"workplaceType": "REMOTE"
}
],
"department": {
"name": "Technology, Product & Design"
}
},
"detail_job": {
"url": "https://ats.rippling.com/uniuni/jobs/768ce87a-e4dd-4a2f-ad6f-84a9bded3d6b",
"name": "Information Security Officer",
"uuid": "768ce87a-e4dd-4a2f-ad6f-84a9bded3d6b",
"board": {
"logo": {
"url": "https://secured-assets.ripplingcdn.com/us1/ats/6834eb36f7f3cb49175b15d9/ats_public/6285ee53727b4dd08423dfef9761947b-sensitive.jpg?Expires=1780821955&Signature=hyrBYPWzN~xUGkZRaxxbCyOPrGAWdfAFRKWMmUMmdP353jsPXtAzLyg2-esjp3jFMd~HGmz9khtdTUD9t5yaZwdE2w284VAeyoIIG2cC10fkvVOdzH5L3raYkUSBBQskzlOOedrHCfS68~~Rq7j4BdG13m7QJHj-wr70RtbGerWpt6xyJbBBJ~fswy9xNZgd-mm8bHqAoJ2oM5yIhnJ5EmXyS9mK1OcAVMZKcgKVI95dpEQ47URwmiwStQoVTptLmDLCk5ns8JdsSp5skG7MZWx3oDnkOckAszN1~MbiC6-VtXrfX294ev-B-qFMdEThLAx4RZiJhuBJG42erjaRNA__&Key-Pair-Id=K2SM3GXN9F9XGM",
"name": "unilogo.jpg",
"type": "image/jpeg"
},
"slug": "uniuni",
"title": "UniUni Job Openings",
"banner": {
"url": null,
"name": "",
"type": ""
},
"boardURL": "https://ats.rippling.com/uniuni/jobs",
"fontType": null,
"subtitle": null,
"boardType": "RIPPLING",
"linkColor": "#101820",
"buttonColor": "#ff8f1c",
"legalNotice": "<meta name=\"rteConfig\" content=\"{"version":"0.376.0","producedBy":"block","themeName":"berry"}\"><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">uniuni.com</span></p>",
"buttonTextColor": null,
"noOpeningsMessage": null,
"groupJobsByLocation": false,
"showBoardLogoOnJobPost": true,
"showCompanyInfoUnderJobPost": false
},
"createdOn": "2026-04-27T19:24:47.739000-07:00",
"department": {
"name": "Technology, Product & Design",
"base_department": "Technology, Product & Design",
"department_tree": [
"Technology, Product & Design"
]
},
"companyName": "UniUni",
"description": {
"role": "<meta><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:18pt;white-space:pre-wrap;\">Role Snapshot </strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Reports to: Chief Technology & Product Officer (CTPO) </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Location: North America (remote with periodic travel to UniUni hubs) </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Scope: Worldwide operations with focus on North America </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><h4 style=\"font-family:"Basel Grotesk",Arial,sans-serif;line-height:1.6;font-size:18pt;font-weight:600;letter-spacing:0px;margin-top:12px;margin-bottom:4px;padding-left:0px;\"><b><strong style=\"white-space:pre-wrap;\">The Role </strong></b></h4><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">We are hiring an Information Security Officer to lead UniUni's security and governance function end to end. This is a hands-on leadership role reporting directly to the CTPO. You will own the security program across cloud infrastructure, application security, data security and governance, corporate IT, compliance, and risk, and you will be the senior accountable owner for our ISO 27001 certification and SOC 2 Type II attestation. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">You will work closely with engineering, platform, IT, legal, and executive leadership, and you will be UniUni's primary security voice in front of customers, auditors, and investors. You will build and lead a small, high-leverage team and set the bar for how security operates as the business scales. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><h4 style=\"font-family:"Basel Grotesk",Arial,sans-serif;line-height:1.6;font-size:18pt;font-weight:600;letter-spacing:0px;margin-top:12px;margin-bottom:4px;padding-left:0px;\"><span style=\"white-space:pre-wrap;\">Key Responsibilities </span></h4><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"white-space:pre-wrap;\">Cloud Security </strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Set the security posture of our AWS environments, including IAM, network segmentation, encryption, logging, secrets management, and workload protection. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Drive cloud security baselines aligned to CIS Benchmarks and the AWS Well-Architected Security Pillar, and enforce them through infrastructure as code and platform guardrails. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Lead continuous monitoring and threat detection across cloud workloads using native AWS services (GuardDuty, Security Hub, CloudTrail, Config) and complementary third-party tooling. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Run vulnerability management for cloud infrastructure, including patching cadence, remediation SLAs, and exception governance. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\"> </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"white-space:pre-wrap;\">Application Security </strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Embed secure development practices into the SDLC, including threat modeling, secure code review, SAST, DAST, SCA, and secrets scanning in CI/CD. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Partner with engineering leaders to triage and remediate application vulnerabilities without slowing delivery. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Run the open source software program, including license compliance, vulnerability tracking, and remediation. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Manage the external penetration testing program, from scoping and vendor selection through findings triage and remediation verification. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Set and evolve standards for authentication, authorization, session management, and API security across internal and customer-facing applications. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Deliver enterprise SSO (SAML 2.0 and OpenID Connect) for customer-facing products in support of contractual security commitments. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"white-space:pre-wrap;\">Data Security and Governance </strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Own the data security program end to end, covering data classification, encryption in transit and at rest, key and secrets management, and protections against unauthorized access, exfiltration, and misuse. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Maintain and evolve the data classification framework across UniUni's regional and shared data warehouse environments, and drive schema-level classification into operational use by engineering and analytics teams. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Govern access to production databases, data warehouses, and analytics platforms, including approval workflows, periodic access reviews, and audit trails. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Implement and operate data loss prevention controls across endpoints, email, SaaS, and cloud storage, calibrated to the sensitivity of the data and the realities of how the business operates. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Set and enforce data residency, retention, and minimization standards in line with customer commitments and regulatory obligations across the jurisdictions in which UniUni operates. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Partner with engineering, data, and product teams on privacy by design, including data flow mapping, data sharing agreements, and the secure handling of personal information for shippers, drivers, and end recipients. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Lead the response to data subject requests, data incidents, and breach notification obligations under applicable privacy laws. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"white-space:pre-wrap;\">Compliance and Governance </strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Maintain and continuously improve UniUni's ISO 27001 certification, including surveillance audits, internal audits, risk assessments, and management reviews. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Sustain UniUni's SOC 2 Type II attestation, owning control operation, evidence collection, auditor relationships, and remediation. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Own the information security policy framework, including authoring, approval workflows, annual reviews, and employee attestations. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Operate the risk management program, including the risk register, risk treatment plans, and executive risk reporting. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Lead customer-facing security activities, including security questionnaires, contract reviews, and security clauses in vendor and customer agreements. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Support regulatory compliance efforts relevant to our business, including the DOJ Data Security Program, Canadian PIPEDA, and applicable US state privacy laws. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"white-space:pre-wrap;\">IT Security and Operations </strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Partner with IT to operate and mature endpoint security, including EDR, MDM (Intune), disk encryption, and device compliance. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Govern identity and access across SaaS and corporate systems, including SSO adoption, MFA enforcement, privileged access controls, and joiner-mover-leaver processes. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Own the SaaS inventory and run periodic access reviews, with particular attention to shadow IT and uncontrolled data flows. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Lead security awareness training and phishing simulation programs. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Run the incident response program, including the IR plan, tabletop exercises, on-call rotation, and post-incident reviews. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Contribute to business continuity and disaster recovery planning in partnership with engineering and operations. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"white-space:pre-wrap;\">Leadership and Stakeholder Engagement </strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Build and lead a small security team, with hiring underway across two tracks: Compliance and GRC, and Application and Platform Security. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Serve as UniUni's senior security voice with customers, prospects, auditors, regulators, and investors. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Report on security program status, KPIs, and risks to the CTPO and the executive team on a regular cadence. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Represent security considerations in cross-functional decisions across product, infrastructure, vendor selection, and business expansion. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><h4 style=\"font-family:"Basel Grotesk",Arial,sans-serif;line-height:1.6;font-size:18pt;font-weight:600;letter-spacing:0px;margin-top:12px;margin-bottom:4px;padding-left:0px;\"><span style=\"white-space:pre-wrap;\">Required Qualifications </span></h4><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">10+ years in information security, with at least 3 years owning a security program or a major security domain. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Demonstrated ownership of ISO 27001 certification maintenance and SOC 2 audit execution in a cloud-native organization. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Deep hands-on experience securing AWS environments at scale, including IAM, networking, logging, and workload protection. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Strong application security background across secure coding practices, common vulnerability classes, and modern AppSec tooling (SAST, DAST, SCA, secrets scanning). </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Demonstrated experience building data security and governance programs, including data classification, encryption, DLP, access governance for data stores, and privacy-aligned data handling. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Practical experience with SAML 2.0 and OpenID Connect, and a track record of rolling out enterprise SSO and MFA. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Experience operating core IT security controls, including EDR, MDM, and SaaS access governance. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Track record of leading incident response, including coordination with engineering, legal, and executive stakeholders. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Ability to translate security risk into business terms for non-technical executives, customers, and investors, in writing and in person. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"white-space:pre-wrap;\">Preferred Qualifications </strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Background in logistics, supply chain, or high-volume transactional businesses. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Experience in an organization with worldwide cross-border data flows and a focus on North America. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Familiarity with the DOJ Data Security Program and bulk data transfer rules. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Hands-on experience with the Microsoft security stack (E5, Defender, Entra, Purview, Intune), and the perspective to evaluate it against alternatives such as CrowdStrike. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Relevant certifications such as CISSP, CCSP, CISM, or ISO 27001 Lead Auditor or Lead Implementer. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Prior experience taking a late-stage company through IPO-readiness security maturation. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><h4 style=\"font-family:"Basel Grotesk",Arial,sans-serif;line-height:1.6;font-size:18pt;font-weight:600;letter-spacing:0px;margin-top:12px;margin-bottom:4px;padding-left:0px;\"><b><strong style=\"white-space:pre-wrap;\">What You Will Find at UniUni </strong></b></h4><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">A direct reporting line to the CTPO and regular exposure to the CEO, CFO, and the rest of the executive team. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">A security program with real executive commitment, a live ISO 27001 certification, and an active SOC 2 Type II attestation.</span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">Meaningful autonomy to shape the program and the team, balanced by the discipline and cadence of a late-stage operating company. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">A growing business with the operational complexity, customer scrutiny, and learning opportunities that come with scale. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><h4 style=\"font-family:"Basel Grotesk",Arial,sans-serif;line-height:1.6;font-size:18pt;font-weight:600;letter-spacing:0px;margin-top:12px;margin-bottom:4px;padding-left:0px;\"><span style=\"white-space:pre-wrap;\">How We Work </span></h4><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">We value direct, precise, and accurate communication. We prefer honest and defensible language over favorable framing. We write concise documentation, our meeting minutes stand up to auditor review, and we make decisions with our customers and our long-term credibility in mind. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"white-space:pre-wrap;\">Equal Opportunity </strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">UniUni is an equal opportunity employer. We evaluate candidates on the basis of qualifications, experience, and demonstrated ability, and we do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, age, or any other protected characteristic. </span></p>",
"company": "<meta><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:18pt;white-space:pre-wrap;\">About UniUni</strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">UniUni is a late-stage last-mile logistics company operating across the United States and Canada. We move millions of parcels for some of the largest e-commerce platforms in North America, and our technology stack is cloud-native, on AWS. </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">We hold an active ISO 27001 certification and SOC 2 Type II attestation. Security and compliance are not afterthoughts at UniUni; they are central to our enterprise customer commitments, investor expectations, and the trust our drivers, shippers, and partners place in us every day. </span></p>"
},
"workLocations": [
"Remote (United States)",
"Canada"
],
"employmentType": {
"id": "Salaried, full-time",
"label": "SALARIED_FT"
},
"payRangeDetails": [],
"activeJobApplication": {
"basicQuestions": [
{
"oid": "first_name",
"title": "First name",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "last_name",
"title": "Last name",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "email",
"title": "Email",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "pronouns",
"title": "Pronouns",
"required": false,
"fieldType": "PRONOUN"
},
{
"oid": "current_company",
"title": "Current company",
"required": false,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "phone_number",
"title": "Phone number",
"required": true,
"fieldType": "PHONE_NUMBER"
},
{
"oid": "location",
"title": "Location (city only)",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "resume",
"title": "Resume",
"required": true,
"fieldType": "FILE"
},
{
"oid": "cover_letter",
"title": "Cover letter",
"required": false,
"fieldType": "FILE"
}
],
"customQuestions": {
"fields": [
{
"oid": "first_name",
"title": "First name",
"required": true,
"fieldData": {},
"fieldType": "SHORT_ANSWER"
},
{
"oid": "last_name",
"title": "Last name",
"required": true,
"fieldData": {},
"fieldType": "SHORT_ANSWER"
},
{
"oid": "email",
"title": "Email",
"required": true,
"fieldData": {},
"fieldType": "SHORT_ANSWER"
},
{
"oid": "pronouns",
"title": "Pronouns",
"required": false,
"fieldData": {},
"fieldType": "PRONOUN"
},
{
"oid": "current_company",
"title": "Current company",
"required": false,
"fieldData": {},
"fieldType": "SHORT_ANSWER"
},
{
"oid": "phone_number",
"title": "Phone number",
"required": true,
"fieldData": {},
"fieldType": "PHONE_NUMBER"
},
{
"oid": "location",
"title": "Location (city only)",
"required": true,
"fieldData": {},
"fieldType": "SHORT_ANSWER"
},
{
"oid": "resume",
"title": "Resume",
"required": true,
"fieldData": {},
"fieldType": "FILE"
},
{
"oid": "cover_letter",
"title": "Cover letter",
"required": false,
"fieldData": {},
"fieldType": "FILE"
}
]
},
"additionalQuestions": null
},
"hasAIEvaluationsEnabled": true,
"eeocQuestionnaireEnabled": true,
"applicationConfirmationTemplate": "68ae07f79d9850d51974d25d",
"eeocQuestionnaireEnabledForJobPost": true
},
"detail_meta": {
"url": "https://ats.rippling.com/api/v2/board/uniuni/jobs/768ce87a-e4dd-4a2f-ad6f-84a9bded3d6b",
"http_status": 200,
"content_type": "application/json",
"response_bytes": 33481
},
"detail_errors": []
}Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/70a2e2a8ae495d2c4186c965d30d1809cb5ca554?include=descriptionJSONGET https://api.bluedoor.sh/job-postings/v1/orgs/262cb4c0-ea94-4203-8e83-dfbc641e7046JSONGET https://api.bluedoor.sh/job-postings/v1/sources/cda69ecc-4622-4b2d-afc8-27a9620c31e8JSONGET https://api.bluedoor.sh/job-postings/v1/jobs/70a2e2a8ae495d2c4186c965d30d1809cb5ca554/eventsJSON