Director, Information Security
Orum is revolutionizing how consumers and businesses send, receive, and access money through its platform of API-based, embeddable infrastructure products. Powered by proprietary intelligence, Orum optimizes transactions for speed, cost, and risk, enabling intelligent routing across multiple rails--including ACH, same-day ACH, RTP, crypto, wires and more--unlocking 24/7/365 money movement for our partners.
The Orum team is helmed by expert fintech operators from LearnVest, Marqueta, N26, Square, Bread and Stash and has raised over $82M from leading investors, including Accel, Canapi, Bain Capital Ventures, Inspired Capital, Homebrew, Acrew, BoxGroup, Clocktower Ventures, Primary Ventures, SVB Capital, and American Express Ventures. To learn more, visit Orum.io.
At Orum, we are a remote-first and people-first company. We believe that working remotely presents a unique opportunity to build a diverse team that opportunistically leverages distance to asynchronously work better. We have thoughtfully invested in the right tools and practices that will enable individuals to bring their best selves to work while having the flexibility and support to enjoy their personal lives. We are committed to cultivating an equitable and inclusive work environment where everyone's voice matters. If you’d like to play a part in crystallizing the vision of a world where money is smart, real time, and fully automated, we’d love to hear from you.
About the Role
We are seeking a Director of Information Security to join our Operations team. This person will be responsible for managing, scaling, and deploying Orum’s information security posture as it relates to the organization's proprietary technology, IT and SaaS tools, security policies and practices, and critical partnerships. This role will report to Orum’s Head of Operations and act as the primary, hands-on, security resource for key business functions and initiatives. You would be joining a small team of experienced technologists and business people excited to be changing the experience of moving money in the US for everyone.
The ideal candidate will bring a high level of expertise in information security frameworks, controls and audit techniques. You can quickly understand the security operations and challenges in the current and future state of the business’s SOC2 compliant operations.
As a Director of Information Security, you will oversee five main categories:
- Strategic Planning and Growth
- Plan, build, and deploy an InfoSec roadmap and define the future of the department
- Create and manage an internal team to support your vision and maintain alignment of key objectives across the organization
- Product Security
- Protection and processes regarding all of Orum’s product related assets and systems
- Cloud and infrastructure security, application security, control automation through CI/CD integration, alerts and monitoring, etc.
- Enterprise IT Security
- Protection and processes regarding all non-product related assets and systems
- Examples of such systems include Google Workspace, Okta, collaboration tools, wikis, CRM, finance systems, employee laptops/desktops, secure web gateway, CASB, etc.
- GRC (Governance, Risk, & Compliance)
- Program maintenance and delivery of all monthly, quarterly, and annual requirements for existing certifications
- Policy management, risk assessment, supplier and vendor management
- Prospective and existing due diligence, audit management, customer questionnaire response services, access and change management, ongoing employee security training
- Incident Response and Business Continuity
- Security operations configuration, monitoring, and responding to alerts 24x7x365
- Disaster recovery, Data Loss Prevention, and strategic response trainings
You should apply if:
- You have 6+ years of experience in Risk Management, Information Security, IT and/or as a senior leader of technology teams.
- Strong knowledge of common information security management frameworks, such as SOC2, ISO/IEC 27001, and NIST.
- Working knowledge of Zero Trust concepts and tools, including Secure Web Gateway, CASB, and Software Defined Perimeter.
- Self starter, comfortable completing hands-on work that will help us scale and automate future workflows
- Experience with Cloud computing services including but not limited to AWS, GCP, and Azure
- You are prepared to make decisions and move quickly
- You are born operator with a love of collaborative problem solving and a passion for information security
- You want to work in a very fast-paced and fluid small-team environment at a growing company.
About our Benefits
- Competitive Salary
- 100% paid medical for you and your dependents, as well as dental and vision plans
- Healthcare and Dependent Care FSA
- 401(k) Matching
- Employee stock incentive plan
- Take what you need PTO
- 12 paid holidays & 1-week company-wide time off in December
- Paid parental leave
- Paid monthly mental health days for you to reset and focus on your personal well being
- Weekly meeting-free, deep-work days
- Bi-weekly paid virtual “Cafeteria” lunches
- Subsidized membership to co-working spaces
- Quarterly health and wellness stipend
- Stipends for remote office supplies
- Ongoing professional development
Orum.io provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
Tags: Application security Automation AWS Azure Cloud Compliance Crypto Finance FinTech GCP Governance Incident response Monitoring NIST Product security Risk assessment Risk management SaaS SOC2 Vendor management
Other jobs like this
Explore more Cyber Security career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cybersecurity in general, filtered by job title or popular skill, toolset and products used.
- Open Security Operations Analyst jobs
- Open Senior Security Operations Engineer jobs
- Open Senior DevSecOps Engineer jobs
- Open Senior Infrastructure Security Engineer jobs
- Open Head of Information Security jobs
- Open Application Security Engineer/Architect jobs
- Open Senior Security Analyst jobs
- Open SOC Analyst jobs
- Open Offensive Security Engineer jobs
- Open Lead Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Information System Security Officer (ISSO) jobs
- Open Sr. Security Engineer jobs
- Open Senior Information Security Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Information Security Officer jobs
- Open Senior Threat Intelligence Analyst jobs
- Open Cloud Security Operations Lead jobs
- Open Security Researcher jobs
- Open Security Engineer II jobs
- Open Senior Information Security Analyst jobs
- Open Cloud Security Automation Specialist jobs
- Open Account Executive, Cyber Security jobs
- Open Security Consultant jobs
- Open GCP-related jobs
- Open Kubernetes-related jobs
- Open Java-related jobs
- Open Analytics-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Audits-related jobs
- Open Clearance-related jobs
- Open PCI-related jobs
- Open Agile-related jobs
- Open Threat intelligence-related jobs
- Open OWASP-related jobs
- Open Forensics-related jobs
- Open IDS-related jobs
- Open CISM-related jobs
- Open Ruby-related jobs
- Open Governance-related jobs
- Open CISA-related jobs
- Open DevSecOps-related jobs
- Open Open Source-related jobs
- Open ISO 27001-related jobs
- Open Security assessments-related jobs
- Open Encryption-related jobs
- Open GDPR-related jobs