Security and Compliance Lead

Bubble is a revolutionary software development platform with a simple mission: make technology accessible to everyone and help people bring their ideas to life. Rather than specializing in one or two aspects of web development, Bubble’s full-stack visual programming interface does it all, allowing you to customize your UX with a drag-and-drop editor, build out logic, manage databases, and integrate with anything via plugins and API. 

With all the tools needed to build a site like Facebook or Airbnb, anyone from first-time entrepreneurs to enterprise-level companies can take an idea from concept to fully functional, scalable reality faster and cheaper than you could with just code. As the only full-stack, no-code platform on the market with over 3 million users in over 100 countries, Bubble is breaking down the barriers to entrepreneurship and innovation across the globe.

What we’ve achieved:

Our product is working, and we are thriving. Entire VC-backed companies have been built entirely on Bubble. After finding product market fit and 8 years of bootstrapping, we raised a $100 million Series A and we’re one of the fastest-growing companies in the New York tech ecosystem. 

You can build just about anything on Bubble. For example, all new hires build Bubble apps as part of their onboarding, and a recent hire on our Customer Success team built their own version of the social media application Goodreads in 4 days. It has user authentication, an activity feed, upvotes, commenting, followers, lists, account management, live updates, a fully loaded database, API connectivity, and more.

About the Security team: 

Bubble Security is responsible for our information security program. The goal of the program is to reduce risks in our systems and establish trust with our users. With this being our first dedicated security and compliance hire, our goal is to establish a robust framework that reduces risk, ensures compliance, and strengthens trust with both internal stakeholders and external users.

About the role:

We’re a scaling startup looking for a driven, hands-on, pragmatic, and business-oriented Security & Compliance Lead to serve as our first dedicated security hire. In this role, you’ll be a thought leader, consultant, and subject matter expert—collaborating across the organization to develop, implement, and regularly assess our security, privacy, and compliance practices. You’ll coordinate efforts for audits, questionnaires, and overall improvements to Bubble’s security and reliability. This is an intellectually challenging position with significant ambiguity and complex problem-solving, offering a unique opportunity to make a meaningful impact on our organization’s future.

In this role, you’ll:

• Establish, track, and report key performance indicators to your stakeholders on a regular basis.

• Be the main point of contact for audits/assessments including audit plan preparation, policy creation, review of documentation and evidence, evaluation of procedures, and interviews.

• Work collaboratively with internal teams (Engineering, Legal, Product, and People) to identify, manage, and implement solutions related to privacy, data protection, and compliance requirements.

• Provide leadership and guidance to key stakeholders on questions or issues related to security, privacy, and compliance. 

• Leverage knowledge of industry standards and best practices to assess the current state of security and compliance risks, identify areas of exposure, and address the gaps by implementing remediating controls. 

• Lead our security incident response process and vulnerability disclosure programs, ensuring swift detection, thorough investigation, and prompt remediation of potential threats.

About you: 

• 5+ years experience in a role focused on software security, privacy, and/or compliance with an understanding software products and security council work 

• Successful experience working, collaborating, and establishing credibility and relationships with senior leadership, colleagues, and customers

• Demonstrated success working with external auditors, outside consultants, and legal affairs

• Experience or knowledge of security risk assessments and gap analysis

• Experience with HIPAA and one or more IT security compliance frameworks, such as DORA, PCI DSS, and NIST CSF

• Experience and knowledge of cloud space (AWS, Azure, GCP)

• Certified Information Systems Security Professional (CISSP) preferred (or CISA, CISM)

Compensation:

We offer competitive compensation aligned to tier one markets. Our estimated salary for this role at Bubble ranges from $150,000 to $200,000. Actual pay is determined by multiple factors such as skills, qualifications, experience and market demand.

Location: 

For this role, Bubble is currently only considering candidates who are authorized to work in the US and are within the New York City metro area.

We prefer hiring people within commuting distance of our NYC office because we value getting together in person regularly. For those who enjoy working from our Manhattan office on a more regular basis, we offer catered lunches, and happy hours, among other fun perks.

Benefits:

In addition to cash and equity compensation, Bubble offers a robust benefits package equating to roughly twenty thousand in additional annual compensation:

Our benefits include, but are not limited to:

• Comprehensive health coverage

• 401(k) Matching

• Wellness and Work Enablement stipends

• Flexible PTO

• A Sabbatical program

Join us!

Let’s democratize access to technology together! If this sounds like you, apply! If you don’t meet all of the qualifications but think you could be a match, we’d still love the chance to review your application. At Bubble, we encourage people from all ages, abilities, and experiences to apply. Bubble does not discriminate on the basis of race, color, ancestry, religion, national origin, sexual orientation, age, citizenship, marital or family status, disability, gender, gender identity or expression, pregnancy or caregiver status, veteran status, or any other legally protected status.