Head of Information Security at Earnest
San Francisco, CA, US
Earnest is a next generation financial technology company disrupting consumer lending. We are a quickly growing team of math nerds, designers, computer geeks, and relentless innovators going after a huge market by creating a company built on flawless design, powerful software, advanced data science, and an incredible client experience. We believe that if we fundamentally re-engineered banking it would look and feel completely different than how it does today – and that is what we have set out to do.

Our team is made up of people who are both inspired innovators and results-driven, individuals who are prepared to roll up their sleeves, to challenge the status quo, to venture far beyond what's comfortable, and who are able to fail and get back up again.

The Role:

We are seeking a Head of Information Security to lead efforts to protect sensitive information for our external applications and internal systems. This key role reports directly to the VP of Engineering. You will be accountable for designing, implementing, managing and reporting on security controls throughout the company and ensuring compliance with appropriate governmental regulations. You will identify potential risks, threats and vulnerabilities present in the environment and provide guidance for appropriate security controls to mitigate them. In addition, you will advise and assist executives with risk management of confidential information, data security training and compliance on security matters.

This role is the customer-facing compliance interface. The Head of Security works with prospective and existing partners to ensure all areas of security compliance are addressed adequately. You’ll interact with internal and external auditors to ensure we are maintaining the highest standards relative to compliance.

As Head of Security you will:

Manage the delivery of all day-to-day information security operations, policies, architecture and governance
Provide overall information security management direction to the company
Manage all due diligence for the security function and security systems
Develop and maintain a threat model for Earnest’s information systems
Direct the development and enforcement of information security and privacy policies in compliance with industry standards and regulatory requirements
Collaborate with internal stakeholders to define and drive the security agenda for the information security program
Partner with leaders in IT, Engineering and Legal to ensure information security efforts receive appropriate prioritization and resources
Provide security guidance on new projects and technologies
Develop and maintain metrics to measure Earnest’s security posture
Regularly provide the leadership team with useful measurement of security risks and mitigation plans
Develop and maintain security control frameworks/guidelines to ensure consistent application of security controls
Maintain documentation of security controls
Respond in-person and via written form to inquiries from Earnest partners, investors, regulators and other third parties

10+ years of relevant work experience leading corporate information security programs and an ability to contribute at both strategic and tactical levels
Demonstrated experience developing and managing a security vision and documentation of security controls
Certifications: (one or more) CISSP, CISM, CISA or CRISC
Experience with regulatory standards such as SOC 2, PCI DSS and ISO 27001/2
Ability to evaluate risks, articulate issues, develop consensus, raise awareness and provide and implement solutions
Excellent written and oral communication skills
Experience in host, network and application security
Knowledge of attacker lifecycles and strategies to inhibit attacker activity

Qualified applicants with criminal histories will be considered for the position in a manner consistent with the Fair Chance Ordinance.