Information Security Lead

About Rox

Rox is building the AI-native revenue operating system for modern go-to-market teams. Backed by Sequoia, GV, and General Catalyst, we’re working with some of the most ambitious enterprise teams to replace fragmented CRM workflows with intelligent, autonomous systems. Rox connects data across the GTM stack, deploys AI agents to do real work, and gives revenue leaders a clear, shared picture of what actually drives outcomes.

We’re a small, fast-moving Series A team taking on one of software’s most entrenched categories — and we’re winning by combining deep technical rigor with obsessive focus on usefulness.

About Security at Rox

Security at Rox is not a compliance afterthought — it’s a product and trust enabler. Our customers trust us with sensitive revenue data, workflows, and AI-driven decision systems, which means security must be thoughtfully designed into everything we build.

Today, security is owned collaboratively across Engineering, Platform, and Leadership. This role exists to centralize ownership, raise the bar, and ensure Rox scales with a security posture that customers, partners, and auditors can trust.

About the Role

This is a founding Information Security Lead role for someone who wants real ownership.

You will be responsible for defining and executing Rox’s information security strategy end-to-end — from cloud infrastructure and application security to policies, audits, and incident response. While this role is hands-on today, it is also a leadership role: you’ll establish the foundations, set standards, and help determine how and when the security function scales.

You’ll work closely with Engineering, Product, and Leadership to ensure security enables velocity rather than blocking it — and that Rox earns trust without slowing down.

What You’ll Do

• Own Rox’s information security program end-to-end

• Design and implement security architecture across cloud infrastructure, applications, and data systems

• Establish and maintain security policies, controls, and best practices

• Partner with Engineering to embed security into development workflows and system design

• Lead compliance efforts (e.g., SOC 2), including audits, documentation, and ongoing readiness

• Define incident response processes and act as the primary owner during security events

• Assess risk proactively and communicate tradeoffs clearly to leadership

• Help determine how the security function scales — including future hires, tooling, and process

What Success Looks Like

• In your first few weeks: You understand Rox’s architecture, data flows, and risk surface

• Within a few months: Security practices are clearer, more consistent, and easier for teams to follow

• Over time: Rox operates with strong security posture, customer trust increases, and security scales without slowing product velocity

Must-Have Skills

• Experience leading information security or security engineering efforts in B2B SaaS environments

• Strong understanding of cloud security, application security, and modern infrastructure

• Hands-on experience with compliance frameworks (e.g., SOC 2) and audit processes

• Ability to partner effectively with Engineering and Product teams

• Comfort operating in fast-moving, ambiguous environments

• Strong judgment and the ability to balance security rigor with execution speed

• Clear communication skills, especially when explaining risk and tradeoffs

Why This Role Exists

Rox is growing, and trust is foundational to that growth. This role exists to ensure security is owned, intentional, and built to scale — not bolted on later.

If you’re excited about building a security program from the ground up, working closely with product and engineering teams, and having real influence over how a company earns and keeps customer trust, this role offers that opportunity.