Still looking for a job through search engines? It's time to upgrade!
Instead of going through thousands of listings on your own, Jobify analyzes your résumé and shows you only the jobs that truly fit you.
Over 80,000 jobs • 4,000 new every day
Free. No ads. No fine print.
We are looking for a Director of Security and Compliance to join our Operations group.
In this position, you will be responsible for establishing and maintaining the Earnix roadmap, programs and policies to ensure information assets are protected, establish compliance and security standards and ensure ongoing adoption of best practices and relevant regulations.
You will use your abilities to solve complex technology problems in development processes and in Operations. You will also maintain Earnix’s security training and education program for Earnix employees on compliance and security best practices, aiming at increasing knowledge and creating a security-conscious mindset.
As a Director of Security and Compliance you will also be responsible for overseeing the implementation of the policies, ensuring the technology platforms and applications are secure, and participating in customer discussions, always balancing security and business continuity risk/reward decisions.
You will establish, maintain, and oversee the company-wide vision, strategy, architecture, policies and programs to ensure Earnix is protected and can recover from technical, environmental and/or other types of business disruptions. Contribute to DR/BCP initiatives, conduct tests and ensure the organization is resilient.
What you’ll do:
- Manage a team of security and compliance experts.
- Set priorities and drive implementation for our vulnerability management, information security monitoring/security operations, offensive security, and threat intelligence programs.
- Comply with and implement security requirements to allow for corporate and product compliance with industry standards including ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 22301, SOC2, GDPR and other regulatory data handling requirements.
- Provide management oversight for security tools deployment and implementation.
- Optimise security policies, initiatives and standards supporting regulatory compliance, loss and fraud prevention, and breaches in information security.
- Build and nurture external networks consisting of industry and peers, partners, vendors and other relevant parties to address common trends, findings, incidents, and cybersecurity risks.
- Architect and optimize a software security organization that focuses on automation and self-service.
- Responsibility for cloud security and CI/CD security, ability to supervise and prioritize DevSecOps workload and effort.
- Investigate potential incidents and communicate with appropriate executive management as well as local, state and federal officials in support of appropriate legal protocol.
- Serve as the key advisor to executive leadership in the development, implementation and maintenance of a strong information security program.
- Collaborate with Software Engineering leaders to ensure developed software is meeting industry best practices and standards.
- Partner with the DevOps and architecture teams to expand the security architecture and SSDLC standards to validate alignment between security and engineering framework as a whole.
- Collaborate with Platform Engineering, ITOps Engineering, Data Engineering, Product Engineering, and other technical and business functional leaders to implement changes and best practices to continuously improve the security posture of the organization.
- Manage third-party audits with external partners and vendors (including PCI/NIST, SOC, ISO, etc.).
- Collaborate with the legal, compliance and privacy functions to conduct reviews/audits, recommend policies and procedures, monitor status and report violations to appropriate management.
You’ll do it using:
Seasoned information security expert who has built/led a broad security organization, set strategic direction at the executive level, engaged with senior leaders, influenced/gained consensus on key initiatives, and has a record of measurable results.
- Experience with running compliance programs (worldwide), ISO27K and SOC2 in particular.
- Proven track record and experience in successfully executing programs that meet the objectives of excellence in a dynamic business environment.
- Professional certification, such as a CISSP, CISM, CISA or other information security credentials, is preferred.
- Previous experience with a cloud and/or fintech company.
- Minimum five years' demonstrated successful experience in compliance, security, administrative and/or operational duties in a management role.
- Proven experience with managing a team.
- Ability to effectively communicate in English, both verbally and in writing.
- Excellent computer skills. MS Word, Excel and PowerPoint proficiency.