Head of Security (IT)

AI overview

Define and own Skylight's end-to-end security strategy while ensuring the protection of customer data through pragmatic policies and an engaging security culture.

Skylight’s mission is to build the OS of the family. We make consumer products, like Skylight Frame and Skylight Calendar, that are loved by millions of people across the globe. Through a singular focus on care for our customers, Skylight has scaled from a school project to over $180M in annual revenue while being completely bootstrapped. We have a huge opportunity to make family life easier and more connected, and that’s why we have been working hard to expand our team.

We're looking for a hands-on security leader. This role is a mix of strategist, IT practitioner, and vendor manager. You'll drive our information security / cybersecurity strategy within the context of our fast-moving, rapidly growing company. You’ll implement policies and solutions pragmatically, and guide us as we continue to pursue a purposeful security culture built on our values of Autonomy, Rigor, and Care. And while you will not be required to write code or directly modify our cloud infrastructure (we have an incredible, supportive team to assist with this), you will prioritize and lead efforts to be implemented by our platform engineers.

In this role, you will ensure that Skylight's security policies, tools, and education are thoughtfully applied, from identification to protection to response, according to best practices. We aren’t regulated, so compliance (beyond PCI SAQ-A) is voluntary, and you will help us make decisions about which frameworks and certifications we might choose to pursue. You’ll have a ton of autonomy to plan and execute in a way that is caring both to your fellow employees and to the people who trust us with their photos, schedules, and more. We don't believe in box-ticking or security theater; we believe in rigorous, practical protection of our customers' data.

Responsibilities

  • Define and own Skylight's end-to-end security strategy and roadmap.
  • Balance long-term planning with hands-on execution as a solo practitioner.
  • Ensure ongoing compliance with all adopted frameworks and certifications.
  • Manage relationships with security vendors and partners: pen testers, bug bounty programs (we currently work with HackerOne), auditors, SaaS providers (Okta, Google, etc.), and more.
  • Build playbooks for identifying, responding to, and recovering from any future security incidents.
  • Triage and lead responses to reports, alerts, and potential threats.
  • Ensure that customer service has the information, training, and support they need to respond to questions about data privacy and security.
  • Drive initiatives in areas like device management, endpoint protection, etc.
  • Oversee identity and access, endpoint protection, monitoring, and incident response practices.
  • Implement security training that is genuinely helpful and approachable for every employee.
  • Partner with Engineering and Product to further embed best security practices into our development cycles without slowing velocity.
  • Clearly communicate risks, posture, and progress to stakeholders and leadership.

Requirements

  • 7+ years in cybersecurity or a related field.
  • Proven track record designing and scaling security programs in fast-growing environments.
  • Solid foundation in identity and access, endpoint/device management, detection and response, and governance.
  • Experience managing bug bounty programs, identity security, and phishing-prevention tools/campaigns.
  • A+ communication skills: you can engage engineers, customer service reps, and executives with clarity and pragmatism.
  • Passion for protecting customer data as an act of rigor and care, not just compliance.
  • Pragmatic and resourceful autonomy: You are able to prioritize, sequence, and execute without over-engineering and without explicit direction.
  • Genuine enthusiasm for serving our customers by protecting their precious data.

Benefits

Our competitive compensation package includes:

  • Competitive Salary + Equity Package
  • 401K matching
  • Wellness, learning, and home-office budgets
  • Health, Dental & Vision Medical Plans
  • Tremendous autonomy to set the direction of your work
  • Unlimited PTO
  • Company holidays on the first Friday of every month (except November, December, and January)

Equal opportunity employer

Skylight is committed to building a diverse and inclusive team. All qualified applicants will be considered without regard to race, color, religion, sex, sexual orientation, gender identity or expression, age, national origin, disability, protected veteran status, or any other factor protected by applicable federal, state, or local laws. If you’re the best person for the job, we want you on board!

We hire across the U.S., but for legal reasons, we have to list NY and CO separately.

For Colorado-based candidates, the range being offered for this role is $200-$220K based on experience, and for California-based candidates, the range being offered for this role is $200-$220K based on experience. Pursuant to the San Francisco Fair Chance Ordinance, we will consider employment for qualified applicants with criminal histories in a manner consistent with the requirements of this law.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.


Skylight is a technology startup based out of Los Angeles and San Francisco. Our mission is to make technology that brings families together. We make consumer products, like Skylight Frame and Skylight Calendar, that are loved by millions of people across the globe. Our founders are former venture capitalists and serial entrepreneurs, who have scaled this business to $100M+ in annual revenue while being completely bootstrapped. We think often about the millions of smiles we are able to put on our customers’ faces each day, and it fills our hearts with purpose. That’s why we have been working hard to expand our team and invent, so that we can continue to bring the magic of Skylight to millions more loved ones throughout the world.

At Skylight, we have three core principles that guide our work and help us manage the business day to day: autonomy, rigor, and care. These principles show up early and often and help guide the work we do and the way we work.

Salary
$200,000 – $220,000 per year