
Head of Data Protection & Security

AltScore


IT
Chile
Posted on Oct 14, 2024

AltScore is seeking a highly skilled and motivated Head of Data Protection & Security to join our fast-growing SaaS company. This leadership role is responsible for ensuring the company's data security, regulatory compliance, and overall protection of sensitive information. The ideal candidate will possess a deep understanding of data security best practices, compliance frameworks, and risk management strategies. Moreover, the Head of Data Protection & Security should demonstrate a customer-centric approach, ensuring that security measures do not impede product functionality or ease of use, or hinder the sales process. This role requires a unique blend of technical expertise, strategic thinking, and business acumen. You’ll work directly with the CTO, the product team, and the company’s legal team, and report to the COO.

At AltScore, we are a highly meritocratic company where employees are rewarded based on results. We believe in creating a culture of ownership and accountability, where each team member is empowered to take ownership of their work and drive their own path to success. As a fast-growing company, we offer plenty of opportunities for career growth and advancement, and we are committed to providing our team members with the support and resources they need to succeed. At AltScore, your career growth is only limited by the results you achieve, and we encourage our team members to think big and take risks in pursuit of their goals.

Responsibilities ✔️

  • Ensure compliance with ISO, SOC 2, GDPR, Mexico, Ecuador, California and other relevant data privacy laws in the USA and Latam, developing and implementing policies, procedures, and controls to meet the requirements.
  • Collaborate with internal teams to establish data minimization practices, consent management processes, and procedures to address data subjects' rights, including the right to be forgotten.
  • Work with the product team to ensure that all of AltScore’s products are best-in-class from a data security perspective.
  • Lead and oversee audits, including SOC 1, SOC 2, and SOC 3 audits and ISO 27001 certification, ensuring compliance with control objectives and requirements.
  • Stay updated on emerging data privacy laws and regulations, such as GDPR, CCPA and PIPEDA, and assess their impact on AltScore's data protection practices.
  • Lead incident response efforts, including managing data breach incidents, coordinating investigations, and executing data breach notification procedures in accordance with GDPR and other applicable regulations.
  • Conduct regular risk assessments and vulnerability assessments to identify potential weaknesses and implement appropriate controls.
  • Stay informed about emerging threats, trends, and industry developments, and proactively update security strategies to address new risks.
  • Develop and maintain documentation, such as Data Protection Impact Assessments (DPIAs), privacy policies, and procedures, to demonstrate compliance with data protection regulations.
  • Understand cloud technologies and architectures, such as Google Cloud Platform and AWS, and apply associated security and compliance considerations in data protection strategies.
  • Apply data security principles, including encryption, anonymization, and pseudonymization techniques, to safeguard sensitive data.
  • Collaborate with cross-functional teams to embed security considerations throughout the product development lifecycle without compromising functionality or user experience.
  • Conduct thorough security assessments of new features, products, and systems to identify potential risks and recommend appropriate security controls.
  • Champion a culture of secure coding practices, security testing, and ongoing vulnerability management to ensure the product is robust and resilient.
  • Address security issues related to database technologies, ensuring secure database configurations and access controls.
  • Balance security requirements with customer expectations and usability, ensuring security measures do not create unnecessary obstacles or impede the overall user experience.
  • Engage with customers, understand their security concerns, and provide guidance on secure product usage, privacy, and data protection practices.
  • Collaborate with customer support and sales teams to address security-related inquiries and concerns, and provide expertise during the sales process.