Overview & Scope

PortX is a leading AI-powered data and integration company for modern banking, bringing systems together and data to life through our unified platform for modern integration, governed customer 360 data, and next-generation payments.

We're in strong growth mode and are hiring our first dedicated Head of Security role in our HQ on Mercer Island, to own the company’s security posture end-to-end. You will build the function from a strong but informal foundation, establish repeatable processes, and position us for SOC 2 Type II and ISO 27001 certification as we quickly scale. This is a hands-on leadership role — you will be both the strategist and, initially, the primary executor running a small but dedicated team.

In addition to a competitive basic salary, benefits include an attractive equity package, insurance (medical, dental, vision), unlimited PTO, and 401(k).

Duties & Responsibilities

• Own and evolve the company’s security strategy, roadmap, and risk register; report quarterly to leadership and the board.
• Lead all compliance efforts — SOC 2 Type II (in-flight), ISO 27001, applicable AI standards and customer security questionnaires.
• Manage and mature our cloud security posture across AWS and on-premises customer environments, including IAC security, secrets management, and network segmentation.
• Partner with Engineering to embed security into the SDLC: threat modelling, secure code review, SAST/DAST tooling, and pen-test remediation.
• Own the incident response plan; be the on-call escalation point for security events.
• Build and run a lightweight security awareness and training program for all staff.
• Manage relationships with MSSPs, pen-test vendors, and external auditors.
• Support Sales and Customer Success on enterprise security reviews, RFPs, and contractual DPA/MSA negotiations.
• Hire and grow a small but mighty security team (1–2 hires in Year 1) as budget permits

Experience & Qualifications

Required

• 8+ years in information / product security roles, with at least 2 years in a leadership capacity at a SaaS or fintech company.
• Proven track record driving SOC 2 Type II or equivalent compliance at a company of comparable size (50–200 employees).
• Deep hands-on expertise in cloud security (AWS), identity & access management, and application security as well as on-premises connectivity e.g. VPNs etc.
• Experience supporting enterprise sales cycles with security documentation and customer-facing audits.
• Strong communication skills — able to translate technical risk into business language for executives and board members.

Nice to Have

• CISSP, CISM, or equivalent certification
• Background in financial services, banking technology, or regulated data environments.
• Familiarity with PCI-DSS and banking industry financial regulations.
• Experience building a security function from scratch at a high-growth startup.