Achieve is a leading digital personal finance company dedicated to helping individuals improve their financial situations through innovative solutions. The Director of Information Security will oversee the security and integrity of the organization’s systems, manage security engineering and operations, and ensure that security measures align with business objectives.
Responsibilities:
- Develop and execute the company's information security strategy, aligning it with business goals and objectives
- Establish and maintain relationships with internal stakeholders to foster a security-aware culture
- Provide executive-level guidance on security measures and initiatives, ensuring they are integrated into the overall company strategy
- Manage the information security budget effectively, allocating resources for key security projects and initiatives
- Foster a collaborative and high-performance culture within the team
- Set clear objectives and goals for the team members and ensure they are aligned with the overall security strategy
- Conduct regular performance evaluations, provide constructive feedback, and support professional development plans for team members
- Recruit and onboard new team members as needed
- Collaborate with Platform and Dev/Ops teams to ensure security best practices are being met
- Develop and execute a comprehensive security strategy, including the design and implementation of security infrastructure, policies, and procedures
- Collaborate with cross-functional teams to assess security risks and requirements/configurations for new technologies, systems, and services
- Design and implement secure network architectures, including firewalls, intrusion detection systems, data encryption, and access controls
- Ensure the effective deployment and configuration of security tools and technologies to protect critical assets
- Oversee Application Security practices working closely with Engineering teams, Dev/Ops and Platform teams
- Familiarity with detection engineering functions
- Oversee the day-to-day security operations, monitoring systems, and responding to security incidents promptly
- Lead oversight of the detection engineering / management of alerting and detections
- Implement and manage security incident response functions and procedures, including investigation, containment, and resolution of security breaches
- Create and maintain operational metrics
- Manage relationships with MSSP and XDR providers
- Develop and maintain security incident response plans, including coordination with internal stakeholders and external partners
Requirements:
- Proven experience (5+ years) in managing security engineering and operations in a complex IT environment
- Bachelor's degree in Computer Science, Information Security, or a related field is desirable
- Strong knowledge of security principles, practices, frameworks, and industry standards (e.g., ISO 27001, NIST, CIS)
- Extensive experience in designing and implementing security infrastructure, including firewalls, IDS/IPS, SIEM, endpoint protection, etc.
- Familiarity with cloud security principles and technologies (e.g., AWS, Azure, GCP)
- Strong leadership and team management skills, with the ability to inspire and motivate a diverse team
- Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams
- Relevant certifications (e.g., CISSP, CISM, GIAC) are highly desirable