Security Architect

About the Company:

At Bamboo Rose, we are transforming the retail industry with our cutting-edge SaaS platform that specializes in Product Lifecycle Management and Supply Chain technology. We empower retailers to navigate the complexities of global sourcing and product development, streamline operations, and deliver exceptional products to market faster. Our commitment to customer success drives us to deliver innovative, integrated, and easy-to-use solutions that provide unmatched value, backed by world-class service and support.

At Bamboo Rose, we live by the values of Transparency, Performance, and Trust. Nowhere are these principles more critical than in security, where collaboration across the entire organization is key to safeguarding our systems and data. As a Security Architect, you will champion these values by fostering trust, driving high performance in our security practices, and ensuring transparent communication to support our shared security goals.

Job Overview:

We are seeking an experienced Security Architect to oversee and lead our information security program. This role will be responsible for building out a comprehensive corporate-wide information security management program, ensuring that information assets are adequately protected across our global operations.

This role will report to our Chief Technology Officer (CTO) and work closely with the executive team including the Chief Executive Officer (CEO), to develop and implement a security strategy that aligns with business objectives and regulatory requirements.

Key Responsibilities:

• Security Strategy Development: Define, implement, and oversee the organization’s information security strategy, ensuring robust security posture that aligns with business goals and regulatory requirements.
• Stay Current: Monitor emerging cybersecurity threats, technologies and vulnerabilities including risks specific to supply chain operations, to ensure Bamboo Rose maintains a proactive and resilient security posture.
• Risk Management: Identify, assess, and mitigate security risks related to Bamboo Rose’s products, cloud infrastructure, and corporate systems to minimize potential breaches or failures.
• Security Policies & Compliance: Continuously evolve corporate security policies, supporting their implementation across IT and software development teams. Maintain evidence of policy enforcement to support audits and certifications (e.g., GDPR, SOC1, SOC2 and customer security reviews).
• Security Architecture: Design and implement secure systems and network architectures in collaboration with IT and software development teams, embedding security throughout technical systems and processes.
• Incident Response: Continuously develop, harden and test an incident response plan to ensure swift and effective handling of security warnings, alerts, or attacks, ensuring that the company can respond quickly and effectively to minimize damage.
• Compliance and Auditing: Manage compliance with legal and regulatory requirements related to data privacy, security and intellectual property. With the help of the team and subject matter experts, lead security audits and certifications.
• Employee Training, Awareness & Exercises: Create and deliver internal security awareness programs and simulation exercises to reduce the risk of human error, phishing and social engineering.
• Vendor Management: Evaluate and manage the security protocols of third-party vendors and partners to ensure alignment with Bamboo Rose’s security standards.
• Security Metrics: Provide regular updates to the executive team on KPIs, metrics, and the status of security initiatives, threats, and incidents, highlighting the effectiveness and areas for improvement in security controls. Establish and track security metrics to measure the performance of initiatives, ensuring ongoing refinement of security strategies and alignment with business goals.

Qualifications:

• Bachelor’s or Master’s degree in Information Security, Cybersecurity, Information Technology, or a related field.
• Minimum of 7 years of experience in information security, with at least 3 years in a leadership role.
• Proven experience in leading security operations for a SaaS company.
• Strong understanding of cloud security, data privacy laws, and regulatory frameworks (e.g., GDPR, SOC 2).
• Hands-on experience with security architecture, risk management, incident response, and vendor security management.
• Proficiency in tools such as SIEM solutions, vulnerability management platforms, and cloud security systems (e.g. Azure).
• Relevant security certifications such as CISSP, CISM, CISA, or equivalent.
• Excellent leadership, communication, and crisis management skills.
• Ability to work collaboratively across departments and with external partners to ensure a robust security infrastructure.