Information Security Officer Remote

Location: Colombia (Remote)

Contract Type: Fulltime Colombian Labor Contract

About Us

WebRTC.ventures is one of the few software development agencies in the world dedicated exclusively to realtime applications. Originally founded as AgilityFeat in 2010, we began specializing in WebRTC in 2015. We are headquartered in Charlottesville, VA, with a QAtesting center in Panama City, Panama, and a remote office in Bogotá, Colombia. With primary operations in North and South America, we serve clients around the globe. Our team has always been remote—something that fuels our passion for realtime communications.

The Role

We are seeking a proactive and experienced Information Security Officer to lead our security initiatives across internal systems and clientfacing, cloudbased applications. The ideal candidate has a strong background in risk assessment, incident response, and regulatory compliance (including HIPAA), and is comfortable collaborating with crossfunctional teams such as DevOps, QA, and Engineering. Experience with realtime communication technologies like WebRTC or VoIP is highly valued, as is the ability to design and implement practical security controls in fastpaced, developmentdriven environments.

Fluent English is a must! B2+ or above is required for this clientfacing role.

Key Responsibilities

• Develop, implement, and regularly update security policies, procedures, and standards to align with organizational and client goals, and regulatory requirements (e.g., HIPAA, GDPR, CCPA).
• Conduct regular risk assessments and security audits of internal systems, cloud environments, and active projects to identify vulnerabilities and areas for improvement.
• Design and execute security processes, tests, and controls for internal and clientfacing software applications.
• Monitor and respond to security incidents and breaches, coordinating investigation, mitigation, documentation, and reporting.
• Manage access controls and internal user credentials, including regular reviews of permissions and segregation of duties across systems and applications.
• Oversee asset management and infrastructure security, working closely with DevOps to enforce leastprivilege access and secure hardwaresoftware environments.
• Collaborate with development, QA, and operations teams to integrate security into all phases of the software development lifecycle and deployment pipeline.
• Provide security specifications and compliance input for client proposals and project planning, ensuring early alignment with requirements.
• Ensure HIPAA compliance for all relevant platforms and guide broader data privacy compliance efforts.
• Manage information security programs for both internal and client applications, including billing and database access controls.
• Create and lead security awareness training programs to foster a securityconscious culture across the organization.
• Conduct thirdparty vendor security assessments to evaluate risk and ensure contractual and regulatory compliance.
• Maintain and optimize security tools and monitoring systems, such as firewalls, IDSIPS, and antivirus software, to ensure proactive threat detection and prevention.

• 
  

  
  

  Technical Qualifications

  • Bachelor’s degree in Computer Science, Engineering, or equivalent practical experience
  • 4+ years of experience as an Information Security Officer (ISO) or in a related security leadership role for cloudbased applications in a remote software company
  • Proficiency with security tools and technologies for threat detection, prevention, and monitoring
  • Strong understanding of network architecture, operating systems, and cloud computing platforms, with the ability to identify and mitigate security risks in these areas
  • Demonstrated experience in developing, implementing, and maintaining security policies, procedures, and standards aligned with industry best practices and regulatory requirements
  • Familiarity with relevant security and privacy frameworks and regulations, such as GDPR, HIPAA, and NIST
  • Proven ability to assess security risks and vulnerabilities and to design effective mitigation strategies
  • Experience in incident response planning and execution, including managing realtime security incidents
  • Strong crossfunctional collaboration skills, particularly with management, QA, and DevOps teams
  • Leadership capabilities to promote a securityfirst culture and influence organizationwide security awareness
  • Commitment to continuous learning and staying current with emerging security threats, trends, and technologies

  • 
    
    

    Bonus Qualifications

    
    

    • Knowledge of WebRTC and security considerations for realtime, webbased communication platforms is a plus
    • Experience with AI agents is a plus
    • Experience with Compliance automation platforms such as Drata or Vanta is a plus
    • Security certifications (e.g. CISSP, CISM, ISO 27001 Lead Implementer) are a plus.

    • 
      

      
      

      General Qualifications

      • Fluent English (B2+), both written and spoken
      • Proactive, professional, respectful, and courteous communication
      • An entrepreneurial mindset with the initiative and resourcefulness to quickly identify problems, overcome challenges, and provide timely solutions
      • Experience working in agile teams using Scrum or Kanban methodologies
      • Ability to work remotely with headsetcamera equipment, responsive during working hours, a quiet place to work and reliable internet connection

      • 
        
        

        Fluent English is mandatory.
        All information must be submitted in English.