Head of Security
Colorado, United States
Full Time, Executive-level / Director, USD 200K - 260K
Rocket Lawyer
About the Role
As the Head of Security, you will champion and elevate the security standards of Rocket Lawyer. This role requires an individual who can integrate a robust security mindset across all departments, ensuring that every aspect of our operation and product development adheres to the highest security standards. This is a pivotal, player-coach role involving hands-on development of security roadmaps and strategies, managing a team of security professionals, and driving projects to completion, not just identifying risks.
Responsibilities
- Own and continuously improve the security framework of Rocket Lawyer's platform, ensuring alignment with industry best practices and certifications and protection of critical Rocket Lawyer and customer information against cybersecurity threats.
- Develop and oversee the implementation of detailed security strategies for general operations, AI security, and payments security, including ownership of the respective roadmaps.
- Lead the security team in achieving and maintaining PCI compliance and other critical security certifications.
- Establish and maintain secure software development life cycle (SDLC) practices across the product development organization. Transition to a secure agile delivery methodology that supports the strategic goals of the company.
- Act as a player-coach by directly engaging in the creation of strategies and detailed roadmaps, ensuring their execution and alignment with organizational objectives.
- Build and nurture relationships with key stakeholders across all departments to ensure integration of security practices.
- Conduct security control gap analysis, risk assessments, internal penetration tests, and code reviews.
- Coordinate with external security service providers and support the selection of future security services vendors and suppliers.
Requirements
- Minimum 10 years' experience in Information Security at a consumer-facing online business, with a proven track record of leading security initiatives and protecting critical customer information.
- Must hold one or more of the following certifications: CISSP, CISM, CRISC, CISA.
- Strong understanding and practical experience in implementing security frameworks and secure SDLC practices.
- Experience with Managed Security Services and SOC implementations.
- Demonstrated ability to manage multiple concurrent projects and deliver results analytically and methodically.
- Excellent verbal and written communication skills with the ability to write clear technical specifications.
Preferred Qualifications
- Expertise in AI security, including strategy development and roadmap ownership.
- Proficiency in payment security strategy and its implementation.
- Strong leadership skills with experience in a player-coach role, actively participating in strategy and roadmap development.
Benefits & Perks
- Comprehensive health plans (including Medical, Dental and Vision insurance for full-time employees)
- Unlimited PTO
- Competitive salary packages
- Life insurance
- Disability benefits
- Supplemental Optional Life Insurance Benefits
- FSA Options Optional
- HSA with Company Match
- 401k program with Company Match
- Fertility Assistance and Planning options
- Wellhub & ClassPass fitness platforms
- Comprehensive Pet Insurance options
- Financial Wellbeing & Student Loan Program access
- Access to additional Mental Health & Wellbeing resources
- Pre-tax Commuter/Transit Benefits
- Free Rocket Lawyer account with online access to an extensive legal documents library and brilliant licensed attorneys at discounted rates
By applying for this position, your data will be processed as per the Rocket Lawyer Privacy Policy.