Are you looking for a friendly, fast-paced workplace with an emphasis on helping customers and empowering team members? Snap Finance is a thriving leader in the financial services industry, and our team members are the foundation of our success.
Snap knows that happy, empowered, and engaged team members are essential to innovation and business success, and our approach is working. Come join us!
Snap Finance is a rapidly growing FinTech company focused on digital disruption in the $1+ trillion financial services industry.
Our proprietary technology platform and machine-learning decision algorithms are changing the face and pace of consumer retail finance.
FinTech is the combination of technology and finance and is at the forefront of the next generation of emerging disruptive technologies with the ability to democratize the lending process for all consumers.
Snap has a strong supportive culture and is dedicated to its customers, merchant partners, and team members.
Snap Finance is seeking a dedicated Director of Information Security to help protect its digital assets as well as physical security.
You will be responsible for driving all security-related projects, supporting audit proceedings, championing certification and attestation processes, and leading a dedicated team of security engineers.
This individual will review, define, and implement security protocols aligned with the company culture, market, and needs, while working within a budget and meeting the company’s expectations.
Establish and execute a strategic, comprehensive, enterprise-wide information security program, with supporting directives, plans, programs
Develop and maintain information security standards, policies, and guidelines and oversee their distribution in the company.
Identify, assess, mitigate, and monitor risks, vulnerabilities, and gaps to improve the overall effectiveness of the security program and improve awareness of best information security practices.
Work directly with customers who have information security questions, concerns, and assessments.
Review legal contracts as needed to help ensure information security requirements are reasonable and in line with industry-best security practices and the security program.
Produce security whitepapers and marketing content, as needed, to help customers understand the security program and practices in place.
Achieve and maintain security compliance certifications relevant to the organization (e.g., SOC2, PCI, ISO 27001, GLBA).
Provide leadership and guidance on information security topics, advising and collaborating on security processes, business continuity, and disaster recovery plans.
Keep an eye on security vulnerabilities and threats and ensure that system and application security design follows best security practices.
Work closely with technology and other teams to ensure security is factored into the evaluation, selection, installation, configuration, and deployment of applications and software.
Be involved in security investigations and recommend courses of action. Assist with related legal matters associated with such events as needed and suggest actions to prevent future incidents.
Monitor external threat environment for emerging threats and advise relevant stakeholders on appropriate courses of action.
Provide regular reporting on the current state of the information security program to executive management, the CTO and other senior managers as appropriate.
Establish metrics and reporting framework to measure the efficiency, effectiveness, and maturity level of the program.
Connect organizational requirements with security goals.
Provide oversight to the architecture and engineering of new security systems including evaluating technical designs.
Prepare financial forecasts and budgets to execute effective security programs and operations.
Provide leadership, training, and guidance to team members by building and maintaining a top performing team.
10+ years of related security experience.
Prior experience as CSO, CISO, VP of Security, or Director of Security.
Extensive knowledge of various security standards (e.g., ISO 27001, Trust Services Principles, NIST SP 800-53r4, OWASP Top 10, SANS Top 20) and associated laws, rules, and regulations.
Experience instantiating, managing, and creating information security programs including creating security policies, processes, controls, and programs.
Ability to identify, assess, mitigate, and monitor threats and risks.
Extensive knowledge of the various security requirements at the federal, state and local level in the privacy and security areas.
Extensive knowledge of all layers of the technology stack (network, systems, database, application, code, infrastructure-as-a-service providers) and how to secure each of these layers.
Experience using IDS, SIEM, log-based alerting, vulnerability scanning, and other key security technologies.
Knowledge of various encryption techniques and their proper utilization.
Interpersonal communication skills for training and working with others.
Previous experience hiring, training, developing, and leading members of the security team.
Experience interacting directly with customers to help instill and maintain customer trust in the security program.
Experience managing ongoing security assessments and programs such as SOC2, PCI, and ISO 27001.
Demonstrates excellent oral and written communication skills with the ability to communicate to a technical and non-technical audience including senior management.
Demonstrates ability to establish relationships and build rapport to influence colleagues at all levels, uncover issues, and identify needs.
Bachelor's degree in related technology field (Information Technology, Information Systems, Computer Science, or another technical field).
Certification(s) in information security areas such as the CISSP (Certified Information Systems Security Specialist) preferred but not required.
BENEFITS:
401k
Medical, Dental & Vision
Long-term & Short-term Disability
Generous Paid Time Off (PTO)
Company Sponsored Events
All-Around Awesome Company Culture
Snacks & Rocket Fuel
Snap values diversity, and all qualified applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.