Remote Director of Information Security

Summary

Join Nova Credit as Director of Information Security and shape the global information security vision, strategy, and compliance by coordinating internal and external cyber and information security audits and translating compliance requirements into actionable cyber and information security controls.

Requirements

• Over 8 years of experience in compliance or information security roles, with a background in financial services, financial technology, startups, consulting, or other relevant fields
• Strong expertise in managing information security programs and risk management. Experience with frameworks such as SOC 2 Type II, ISO 27001, PCI-DSS, and others
• Professional certifications in security management, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent
• Proficient in ensuring compliance with regulatory requirements and industry standards, including GDPR, NIST 800-53, NIST Cybersecurity Framework, HIPAA, and ISO 27001
• Demonstrates an agile, responsive, and positive approach to managing shifting priorities
• A deep understanding of security risks, threats, and the latest industry trends and technologies to keep IT security operations current and effective, along with a track record in developing and implementing security awareness programs to educate employees about best practices and foster a strong security culture within the organization
• Proven experience developing and implementing information security policies and procedures, successfully executing programs that achieve high standards in dynamic environments
• Excellent written and verbal communication skills with the ability to effectively convey security and risk-related concepts to both technical and non-technical audiences
• An ability to creatively problem solve and find ways to achieve goals with minimal resource use
• Ability to work independently and manage and develop a team
• Skilled in maintaining strong, positive relationships across different functional areas
• Genuine interest in advancing financial inclusion for underserved consumers

Responsibilities

• Develop a deep understanding of how our products and services work and are regulated
• Conduct an assessment of our compliance and information security suite, developing ideas for documentation, improvement, and greater efficiencies in managing security incidents, technical risks, and vulnerabilities
• Familiarize yourself with our control sets, frameworks, and requirements
• Support with IT help desk questions from Novans and customer questionnaires
• Lead the deployment, monitoring, maintenance, development, documentation, and support of high-quality, reliable IT systems and networks- using industry security standards into practical security operations
• Provide hands-on technical expertise to maintain, configure, install, monitor, and support the Nova Credit team
• Work closely with our business development and supply teams to coordinate the incoming due diligence, information security, and other regulatory compliance reviews from current and prospective customers and outgoing reviews of data suppliers, including credit bureaus
• Lead and manage a team of IT security professionals, providing guidance, development, and support to ensure the effective execution of security initiatives
• Be a key stakeholder in information security, driving critical initiatives to our customers and program maturity
• Conduct regular risk assessments, audits, and vulnerability tests to identify potential security threats and develop mitigation strategies
• Develop and implement the organization's IT security strategy, policies, and procedures
• Lead the development of a roadmap to enhance our information security and compliance operations
• Prepare and present regular reports to leadership on the organization's IT security posture, including insights, recommendations, and metrics
• Monitor and analyze security incidents, investigate breaches, and implement corrective actions as necessary
• Develop and implement security awareness programs to educate employees about security best practices and promote a security culture within the organization

Benefits

$200,475 - $243,000 a year