
Security & Compliance Leader

Job in Town of Poland, New York, USA
Listing for: Fly on the Cloud Sp. z o.o
Full Time position
Listed on 2026-01-12
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security, IT Support
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Location: Town of Poland

About FOTC

We’re FOTC – a team of cloud enthusiasts helping companies get the most out of Google Cloud and Google Workspace. Whether it’s moving to the cloud, building smarter workplaces, using AI, or just making everyday work easier — we’re here for it. We’ve been around for over 10 years, and in that time we’ve worked with more than 6,500 companies in 50+ countries.

Big names, small teams, startups, scaleups – you name it. From our offices in Wrocław, Warsaw, Bucharest, Budapest – or from wherever we’re working remotely – we help businesses grow with the right tech. We’re a Google Cloud Premier Partner, but more than that — we’re people who genuinely like solving problems, testing new ideas, and turning complex stuff into simple solutions.

What we believe in

We believe work should make sense – not just on paper, but in real life. That means innovation, partnership, responsibility, flexibility & adaptation, transparency, and a team you can count on. We support each other, share what we know, and celebrate wins (big and small). If you’re someone who likes figuring things out, isn’t afraid to take initiative, and wants to work with tech that actually makes a difference — you might just find your place with us.

Because at FOTC, it’s not just about cloud. It’s about people.

Responsibilities

End-to-end security of the cloud and user environments (GCP/AWS + Google Workspace) – prevention, detection, response, compliance (SOC 2, ISO 27001, PCI DSS, NIS2), privacy, and business continuity.

Scope of Accountability

Security Program
  • Security/GRC Strategy and Roadmap; policies, standards, controls; asset & data classification.
  • Risk Register, TPM (Third-Party Management), BCP/DR (Business Continuity Plan/Disaster Recovery); privacy by design (in cooperation with DPO/Legal).
Cloud & Platform Security
  • Hardening GCP/AWS (IAM, networking, WAF, KMS/HSM, DLP, Secret Mgmt), CSPM/CNAPP; scanning IaC/containers in CI/CD.
  • Observability & logging: log export to SIEM (e.g., Chronicle/BigQuery) + detection and SOAR playbooks.
Google Workspace Security (in-depth)
  • Identity & Access: Configuring SSO (SAML/OIDC) with IdP, SCIM/automated role assignment, Context‑Aware Access (BeyondCorp), MFA/Passkeys policies, OAuth restrictions (app access control), 3rd‑party token block lists.
  • Email & Domains: SPF, DKIM, DMARC (p=quarantine/reject), MTA‑STS + TLS‑RPT, BIMI; routing and quarantine rules; BEC/impersonation protection; S/MIME (optionally CSE).
  • DLP & Data Protection: DLP policies for Gmail/Drive/Chat, Drive labels/classification, data regions, Client‑Side Encryption (CSE) where required (e.g., legal department).
  • Monitoring & IR: Alert Center and Security Center (risk dashboard, recommendations), alert flow to SIEM/SOAR; IR playbooks for phishing/BEC/stolen sessions/OAuth abuse.
  • Compliance & eDiscovery: Google Vault (retention, hold, eDiscovery), legal holds, audits (Admin SDK Reports API), preparation of evidence for SOC 2/ISO/PCI/NIS2.
  • Endpoint & Browsers: Google Endpoint Management (Android/iOS/Windows/macOS), Chrome Enterprise policies (extensions allowlist/blocklist, safe browsing, download protection, password alerts), data isolation (managed profiles).
  • Automation: Admin SDK (Directory/Reports), GAM/gamADV‑XTD, Apps Script; automated response (e.g., revoke tokens, reset sessions).
Detection and IR
  • Design and operation of a lightweight SOC (SIEM/SOAR/EDR), 24/7 on‑call procedures (lightweight), tabletop exercises, RCA (Root Cause Analysis).
DevSecOps & AppSec
  • SAST/SCA/DAST, IaC scanning, SBOM, supply‑chain, signed artifacts, secret scanning, threat modeling.
Training & Culture
  • Awareness program (phishing drills), secure coding, policies for using Workspace and devices.
Management
  • Leading a small SecOps/AppSec/GRC team; budget; cooperation with Head of Cloud/CTO, DevOps, Data, Legal, DPO.
Requirements
  • 6–10+ years in cybersecurity; min. 3 years in cloud security (GCP/AWS/Azure) and min. 2 years of practical Google Workspace Security experience (Enterprise/Enterprise Plus).
  • Documented implementation/maintenance: DMARC/SPF/DKIM, MTA‑STS/TLS‑RPT, DLP (Gmail/Drive), Vault (retention/holds), Alert/Security Center, Context‑Aware Access, SSO…