Director, Information Security

dv01 is the world’s first end-to-end data management, reporting, and analytics platform offering loan-level transparency and insight into lending markets, making them more efficient for institutional investors and safer for the world. In a nutshell, we’re doing our part to prevent a repeat of 2008.

You Will:

• Lead and manage information security and risk program. You will create, implement and keep up-to-date security policies and practices to secure sensitive customer data and ensure information security and compliance with applicable laws and customer requirements.
• Run internal security audits, penetration testing, and risk assessments. You will conduct a continuous assessment of existing IT security practices and systems, identify areas for improvement and lead the remediation effort. You will lead engineering efforts to ensure the monitoring of security vulnerabilities and hacking threats in the cloud and on-prem.

Qualifications:

• 5+ years of security experience in a B2B data company. You are intimately familiar with the compliance requirements of B2B data protection and web application security, both in the cloud and on-prem. Prior experience working in or with financial institutions is a plus.
• Knowledgeable on cloud and modern open-source technology stack. You are an expert in enterprise cloud security and architecture with a thorough understanding of security offerings from leading cloud providers such as Azure, AWS, or GCP.
• Hands-on security architect. You have a thorough understanding of the security and engineering details around vulnerability assessment, threat detection, identity management, mobile device management, endpoint security, network security, and monitoring. Experience implementing and managing a business environment that is compliant with a widely used security framework (e.g., SOC II, NIST, ISO) is a plus.
• Excellent written and verbal communication skills. You have extensive experience working with external auditors to complete audits and customer-vendor management to complete vendor questionnaires. You are capable of effectively communicating and documenting dv01's information security and risk program.
• Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Global Information Assurance Certifications (GIAC) or other similar credentials

Benefits & Perks:

• Highly collaborative culture (weekly town halls, virtual cross-team coffee hour)
• Almost 100% paid benefits (medical/dental/vision)
• Continuous learning (prototype/hackathon day, brunch & learns, Scala overviews)
• Weekly $100 lunch allowance
• Free premium Equinox membership
• Unlimited PTO
• Company virtual and in-person outings (social distance safe picnics, happy hours, team qi gong, book club, etc.)
• Casual, collaborative culture