VP, Information Security

Remote USA

Applications have closed

Socure

Power fully-automated risk decisions with the world’s most complete view of customer digital identity.

Who We Are:

Socure is redefining identity verification with groundbreaking technology, supporting myriad organizations with the most accurate authentication tools in the industry.

What we build helps businesses scale faster, stop fraud, and ultimately allows millions of people who are excluded from the digital economy (due to outdated fraud detection models) to take part in it like everyone else. 

Our culture is about innovation, winning, and customer obsession. We are full of top performers that prioritize excellence and results, as well as support for one another, on the path to achieving our mission: to verify 100% of good identities in real time and completely eliminate identity fraud for every applicant on the internet.

To learn more about working at Socure visit our career page here: https://www.socure.com/company/careers

What the Role Is:

Reporting to the CISO, the Vice President of Information Security provides the direction and strategy for protecting the confidentiality and integrity of Socure’s systems and related infrastructure. The role ensures that a comprehensive cybersecurity program is effectively managed, leveraging industry best practices to protect against and prevent cyber threats based upon their risk and potential impact to the organization.

What You'll Do:

  • Designs, builds and implements a standards-based information security management program in accordance with Socure’s Information Security Policies & Standards and in alignment with Socure’s business priorities
  • Provides strategic leadership of Socure’s information security program, coordinating information security standards and compliance across all products
  • Provides clear, concise metrics, analytics and reporting of Socure’s risk posture to executive stakeholders
  • Serves as the strategic information security risk advisor to Socure’s Product, Engineering, and Data Science teams and other key technical and business leaders
  • Evaluates Socure’s information security risk in accordance with Socure’s enterprise-wide information security strategy to develop an annual information security management plan specific to Socure’s operating environment
  • Establishes key performance indicators and proactively reports to Socure’s CISO and executive stakeholders on performance of information security activities and metrics, and related risk posture
  • Maintains Socure’s information security management program in accordance with company, industry, and legal/regulatory requirements
  • Ensures Socure’s information security program is integrated with Socure’s products, as well as enterprise IT system planning, development, and acquisition lifecycle
  • Leads Socure’s information security-related workflow mapping and related policy and procedural documentation management
  • Monitors and ensures compliance with Socure’s information security program by employees, non-employees, and third parties
  • Ensures that the individuals accountable for controls are implementing, testing, and remediating any failures or deficiencies effectively and within established SLAs
  • Manages Socure’s corporate information security staff in a direct and matrix team structure, and provides leadership to support complex and ever-evolving operational requirements for the business
  • Leads Socure’s security change management, vulnerability management, application security, and cloud platform security activities in close collaboration with enterprise IT security teams, ensuring clear and measurable security requirements are available and a clear assessment methodology is in place to allow consistent compliance verification across all environments
  • Along with the CISO, represents Socure’s security compliance interests in all matters: with partners, suppliers, and industry associations to ensure the bi-directional flow of technical information and best practices in the area of information security
  • Regularly evaluates, reviews and reports on the effectiveness of Socure’s information security management program to the CISO, executive team, and company as a whole
  • Leads Socure’s internal and third-party assessment programs from a Security perspective, ensuring that the level of effort for each assessment is commensurate with the sensitivity of information and/or content to be shared and aligned with key partners like GRC on compliance and control matters
  • Provides expert-level analysis of alternatives, design and implementation plans, and makes recommendations to the CISO and executive leadership team supported by strong research skills and provided through strong communication skills
  • Works in conjunction with Socure’s GRC teams to supervise and review updates to information security policies, architecture, standards, and/or other technical documents
  • Stays abreast of latest industry and legal/regulatory developments in information security to ensure appropriate and proactive adjustments are made to Socure’s information security posture and controls
  • Drives innovation of security programs and underlying process and solutions to stay ahead of the threat landscape

What You'll Bring:

  • Bachelor’s degree or equivalent work experience required; Advanced degree is a plus
  • 10+ years of relevant senior leadership experience in information security, within complex, rapidly growing, and globally-distributed organizations based in AWS public cloud environments.
  • Action-oriented with a high standard for quality and performance
  • Solid business acumen with a high level of integrity and dependability, and an understanding of the needs and strategic imperatives of other departments across the organization.
  • Demonstrated expertise in crafting and managing department-wide budgets, FP&A forecasting, BVA reconciliation, and optimizing Capex/Opex spend and allocations.
  • Strong familiarity with information security, risk management, and IT governance standards and frameworks (e.g., NIST 800-53, ISO 27001, FedRAMP, etc.), including developing and reporting on KPIs to Executive/Board-level audiences in both business and technical roles.
  • Proven ability to inspire, motivate and lead multiple teams to produce quality work in the design and development of security solutions and operations.
  • Demonstrated inclusive leadership that embraces diversity.
  • Proven ability to successfully operate in a highly-matrixed organizational system where partnership and influence across departments are key drivers of success
  • Demonstrated experience in identifying, achieving cross-functional buy-in/alignment on, and leading large organization-wide security initiatives.
  • Experience in formal risk assessment and risk management practices, including third party and supply chain risk management.
  • Demonstrated ability to continually develop team capabilities and mentor/develop junior staff.
  • Excellent written and verbal communication skills
  • Excellent presentation and group dynamics skills
  • Experience in Financial Services, Identity Verification/Fraud Prevention, High Tech API/SaaS or related industries is a plus.
  • Current or prior certifications in one or more of the following: CISSP, CISM, CISA, CPP, CRISC, CEH

Perks & Benefits:

  • Competitive base salary
  • Equity - every employee is a stakeholder in our enormous upside
  • A tech-first company culture driven by entrepreneurial thinking and talent
  • A great team working in unison towards the same mission
  • Transparency is what our product is built on—and so is our culture
  • Generous medical, dental and vision benefits for employees and their dependents
  • Flexible PTO
  • 401K with company match
  • Free meals, snacks, and drinks...and so much more

We are an equal opportunity employer and value diversity of all kinds at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. 

Tags: Analytics APIs Application security AWS CEH CISA CISM CISSP Cloud Compliance CRISC FedRAMP Governance ISO 27001 KPIs NIST Risk assessment Risk management SaaS Security strategy SLAs Strategy Vulnerability management

Perks/benefits: 401(k) matching Career development Competitive pay Equity Flex hours Flex vacation Health care Snacks / Drinks Transparency

Regions: Remote/Anywhere North America
Country: United States