Chief Information Security Officer (CISO)

Remote - U.S.

Applications have closed

Caribou

Refinance your car loan. See if you can save money. Get pre-qualified offers in seconds with no Social Security number required and no impact on your credit.


About Caribou 

At Caribou, we’re on a mission to help drivers save money and take control of their car payments. Caribou does this by using technology to unlock low rates, and people to make the process easy and enjoyable. We offer a fully online application and a dedicated team to walk you through the process. We put drivers in control.

In the last year alone, we grew revenue by 5x and raised a $50M Series B. We’re built by leaders from the technology, automotive, and finance industries, and we’re proud to be backed by a great team of venture capital investors, including QED Investors, Goldman Sachs, Moderne Ventures, Accomplice, Link Ventures, Motley Fool Ventures and others.

About the Role 

Caribou is looking for a Chief Information Security Officer (CISO) to drive the vision and lead the team that will make Caribou an industry leader in information security and consumer data protection. This will involve building out our nascent security programs, working cross-functionally on policy, and stewarding the security roadmap. As a leader, you will continue building the security team and facilitate security-related work across the company. Your altitude will range from developing and presenting Board-level roadmaps to designing technical strategy that shifts our software development left on security. You will work closely with the Chief Technology Officer, to whom this role reports.

About You

Leadership Ability

  • Relationship builder who relentlessly strives to foster trusting relationships and put others first to enable high-performing teams
  • Transformational leader who motivates through attitudes, beliefs, and values rather than via compliance, enabling highly autonomous security teams
  • Collaborator who thrives when working cross functionally to solve strategic problems across the business
  • Systems thinker who considers human and technical factors when planning and making decisions
  • Empath strongly motivated by a mission that creates positive outcomes for our world

Cross-Departmental Collaboration

  • Thoughtful communicator who can relate a potentially arcane subject to a Board member or an engineer alike (or basically anyone else!)
  • A cross functional nexus who understands the policy needs of legal, compliance, HR/P&C, and integrates those needs into the security programs
  • Adept at consulting with senior-level stakeholders across the company to identify risk areas, find security blindspots, and implement remediations

Expertise

  • You love learning. Whether at university/school, on the job, or in your free time - you put in the time & effort to develop your craft.
  • Develop novel processes and solutions by synthesizing industry knowledge, organizational context, and first principles thinking.
  • Build high performing and autonomous security teams that are technically competent and highly cohesive
  • Previous experience with both front line security and security program development at a senior level, and in the regulated financial services industry
  • Strong working knowledge of applicable laws and regulations related to technology, data handling, security, and privacy in Financial Technology
  • Knowledge of and experience with incident and risk management
  • Knowledge of and experience with some or all of the cornerstone security frameworks (NIST, AICPA SOC 2, PCI-DSS, ISO27XXX, CCPA, GDPR, etc.), technologies (SIEM, DLP, SOAR, Encryption, IDS/IPS, etc.) and regulatory guidance and expectations (FFIEC, GLBA, etc.)

How we will take care of you

Everyone at Caribou is a valued team member, and we always strive to live up to our value Take Care of Each Other. Our compensation and benefits package includes: 

  • Competitive base salary compensation: $250K-$300K annually
  • Equity in a high-growth company
  • 401k savings program with 3% company contribution
  • Generous paid time off including: 20 days accrued PTO per year, 14 annual company holidays, 16-weeks paid parental leave, bereavement leave, and volunteer day
  • Robust wellness benefits including company-paid plans for health, dental, vision, mental health, disability and basic life insurance
  • Optional benefits to suit your individual circumstances such as HSAs, FSAs, supplemental life and medical insurance, and pet insurance
  • Up to $1,000 per year for eligible professional development expenses

Our Core Values

We come from all walks of life and are joined together by our shared values, which guide our work. This helps us improve life for our customers, our communities and our team members.

  • See people as people
  • Take care of each other
  • Commit to the mission
  • Move quickly and bravely
  • Get better every day
  • Seek truth

Our Security & Tech stack is not limited to this list, but it gives you a general flavor of our ecosystem: Elastic/ELK SIEM, Bugcrowd, GCP, Kubernetes (GKE), GitHub, PostgreSQL, Ruby, Haskell, TypeScript, Golang

This role can be based out of Caribou offices in Washington, DC; Denver, CO. Alternatively, the CISO may work remotely from a state where Caribou does business. However, this role will require attendance at occasional in-person meetings. As a result, candidates must be fully vaccinated against COVID-19 to be eligible for this position.

Caribou is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, pregnancy status, marital status, military or protected veteran status, genetics, or any other characteristic protected by law. This position is not restricted solely to the responsibilities listed above, and the scope and responsibilities are subject to change. A pre-employment background check is required as a condition of employment.

Tags: C CCPA Compliance ELK Encryption Finance GCP GDPR GitHub Golang Haskell IDS IPS Kubernetes NIST PostgreSQL Privacy Risk management Ruby SIEM SOAR SOC 2 Strategy TypeScript

Perks/benefits: 401(k) matching Career development Competitive pay Equity Flex vacation Health care Insurance Medical leave Parental leave Startup environment Wellness

Regions: Remote/Anywhere North America
Country: United States
Category: Leadership Jobs
