Security & Compliance Lead

Glimpse is the leading AI platform for CPG brands — automating critical back-office workflows like deductions management, revenue recovery, and cash application. Since launching in April 2024, we've grown from 0 to 200+ customers, raised $52M from investors including a16z, 8VC and Y Combinator.

Our AI agents retrieve deduction data, validate charges, automate cash application, and dispute invalid claims — work that would take a full-time employee years to complete. For a $1B CPG brand, a single Glimpse agent reviewed 17,000 deductions in under 24 hours, identifying over $10M in recoverable revenue.

We're building the next-generation suite of services for consumer brands and are looking for exceptional people to help us scale.

We're a fast-growing startup with a small but talented engineering team, and we're hiring our first Security & Compliance Lead to build the foundation for our security program. This is a high-ownership, high-autonomy role with a broad mandate: you'll own the security and compliance surface end-to-end, from access management and SOC 2 to infrastructure security and customer trust.

You'll report to CTO with full ownership of the security and compliance domain.

In year one, the work skews toward access management, SOC 2, and customer-facing security. Over time, the role grows into broader security engineering: monitoring, incident response, vendor risk, and architecture review.

If you've built a security program from scratch before and liked it, you'll recognize this job. If you want to build something from the ground up rather than slot into an existing program, read on.

• 5+ years in security or security-adjacent roles

• You've driven a SOC 2 audit - ideally owned one end-to-end, but if you ran the bulk of a program under a fractional CISO or security leader, that counts

• Comfortable in cloud environments (AWS, GCP, or Azure) and writing enough code or Terraform to automate access and infrastructure workflows

• You've owned customer security questionnaires and know how to make them faster

• Strong written communication

• A previous tour as the first or early security hire at a startup

• Experience with identity tooling (Okta, AWS IAM Identity Center, Teleport, ConductorOne)

• Experience with compliance platforms (Vanta, Drata, Secureframe)

• Other frameworks beyond SOC 2 (ISO 27001, HIPAA, FedRAMP)

• Background in security engineering, detection, or incident response

• High ownership: you don’t just advise - you drive the work to completion.

• Systems thinking: you can reason about messy workflows and design something scalable, not one-off.

• Customer empathy + backbone: you listen deeply, then confidently set boundaries and callout tradeoffs.

• Fast learner: you ramp into new domains and tools quickly.

Prime Midtown location — Penn Station, Madison Square Garden, and the city's best transit connections right at your door. *Moving to a new location in August

GLIMPSE is an Equal Employment Opportunity Employer. GLIMPSE will consider all qualified applicants for employment without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity, marital status, disability, veteran status or any other characteristic protected by law.