Director, IT Security & Compliance
Remote
About Figure
Figure is transforming the trillion-dollar financial services industry using blockchain technology.
In three short years, Figure has unveiled a series of fintech firsts using the Provenance blockchain for the loan origination, equity management, private fund services, banking and payments sectors, bringing speed, efficiency and savings to both consumers and institutions. Today, Figure is one of fewer than a thousand companies considered a unicorn, globally.
Our mission requires us to have a creative, team-oriented, and supportive environment where everyone can do their absolute best. The team is composed of driven, innovative, collaborative, and curious people who love architecting ground-breaking technologies. We value individuals who bring an entrepreneurial mindset to every task and will embrace our culture of innovation.
Every day at Figure is a journey in continuous learning, with a daily focus on getting work done that makes a difference. Join a team of proven leaders who have already created billions of dollars in value in the FinTech space!
Forbes America’s Best Startup Employers
Forbes Top 50 Blockchain Companies
About the Role
Figure is seeking a Director for the Information Technology Security team reporting to the Chief Information Security Officer to develop the governance, risk, and compliance service. This individual will be responsible for managing Information Security Risk across the corporation and products and will lead development of a multi-year strategy for building the service.
What You'll Do
- Create and implement a strategy for the development and implementation of an IT Security governance, risk and compliance program responsible for developing supporting services, developing a team to deliver those services, and the evaluation, implementation and support of any supporting technologies and service providers
- Develop and implement an IT Risk Management program that measurably demonstrates risk reduction and risk management effectiveness
- Maintain and enhance existing policy library supporting the information security program
- Develop and lead internal compliance programs to build demonstrable and effective security controls across the corporation and products
- Advance third party compliance programs in alignment with regulatory requirements and business development needs including but not limited to SOC2 Type 2, PCI, and ISO 27001
- Manage and respond to risk assessments sought by vendors and partners
- Support security review of contracts
- Perform risk assessments of vendors, sub-service providers and partners to determine their compliance with security policies and standards
- Deliver and enhance the security awareness program
- Monitor the regulatory environment and incorporate into strategic planning
- Track the latest GRC security innovations and maintain awareness of supporting technologies
- Support business continuity planning and testing
- Build and lead the IT security GRC team, security experts and advisors
What We Look For
- 6+ years of proven IT security experience with at least 2 years in a senior role. 2 years of team leadership preferred
- Experience obtaining SOC 2 Type 2, PCI, or ISO 27001 third-party attestations for businesses or products
- Bachelor’s degree in IT, Computer Science or related technology field is preferred
- Proven history of developing and managing cyber security services or programs for Financial Services, SaaS, Cloud or Technology companies
- Excellent communication, interpersonal and leadership skills, with experience in managing teams
- Business process experience, and ability to link information security issues to broader business goals
- Ability to lead and motivate cross-functional teams while thriving in a fast-paced growing company. A proven record of dealing with complex projects and meeting conflicting demands
Benefits and Perks
- Competitive salary and growth opportunities
- Company quarterly performance based bonus
- Equity stock options package
- Employer funded comprehensive health, vision, dental insurance and wellness program for employees and their dependents
- Employer funded life and disability insurance coverage
- Company HSA, FSA, Dependent Care, 401k, and commuter benefits
- Up to 12 weeks paid family leave
- In office, remote, and hybrid work location options
- Home office and technology stipend for those working outside of a traditional office more than 75% of the time
- Flexible time-off plan to empower employees to take the time off that they want and need
- Continuing education reimbursement
- Routine Team swag deliveries!
Depending on your residential location certain laws might regulate the way Figure manages applicant data. California Residents, please review our California Employee and Prospective Employee Privacy Notice for further information. By submitting your application, you are agreeing and acknowledging that you have read and understand the above notice.
Figure will not sponsor work visas for this position. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.