Director of Business Information Security
Current is a leading U.S. fintech serving people who have been overlooked by traditional banks and one of the fastest growing companies with nearly 4 million members. Headquartered in NYC, our results-driven environment enables us to build better products, grow faster and empower everyone on our team to have an impact on our business and our mission to improve financial outcomes for our members.
We are seeking a highly skilled and experienced Director of Business Information Security to join our organization and lead information security and compliance efforts. This individual will play a critical role in overseeing and ensuring the security and compliance of our organization, with a primary focus on PCI (Payment Card Industry) and SOC 2 (Service Organization Control) audits. This role reports directly to Current’s Head of Compliance and will be responsible for developing and implementing comprehensive information security and compliance programs to safeguard our systems, data, and customer information. This role has a salary range of $180,000 - $250,000.
WHAT YOU’LL DO:
- Security Strategy and Governance:
  - Develop and implement a strategic information security and compliance roadmap, aligning it with organizational goals and objectives.
  - Establish, maintain, and enforce security policies, procedures, and controls to protect sensitive data and assets.
- Vendor Risk Management:
  - Assess the security practices of third-party vendors and service providers to ensure they meet the organization's security standards.
- PCI and SOC 2 Audits:
  - Lead and manage all aspects of the PCI and SOC 2 audit process, including scoping, planning, and execution.
  - Ensure that the organization is fully compliant with PCI DSS and SOC 2 requirements.
  - Coordinate with external audit firms, as necessary, and act as the main point of contact during audits.
  - Support key partnerships with our networks and issuing banks by responding to data and security-related inquiries in a timely manner.
  - Monitor changes in regulatory requirements and industry standards related to security and compliance.
  - Monitor ongoing compliance with PCI DSS and SOC 2, along with other relevant regulations and internal policies and procedures.
- Security Awareness and Training:
  - Promote a culture of information security awareness throughout the organization.
  - Develop and deliver information security training and awareness programs for employees.
WHAT YOU’LL NEED:
- 7+ years of information security experience on consumer-facing technology products; experience at a financial technology company preferred
- Strong knowledge of security technologies, standards, and best practices
- B.S. in Computer Science or an equivalent relevant field
- Knowledge of current frameworks, standards and regulations such as SOC 2, Cloud Security Alliance (CSA), PCI DSS, GDPR, CCPA, GLBA, and ISO 270xx
- Deep experience with cloud technologies and cloud architecture
- Excellent communication and leadership skills
- Ability to work collaboratively with cross-functional teams
- Experience with incident response and forensic investigations
WHAT WE OFFER:
- Competitive salary
- Meaningful equity in the form of stock options
- 401(k) plan
- Discretionary performance bonus program
- Biannual performance reviews
- Medical, Dental and Vision premiums covered at 100% for you and your dependents
- Flexible time off and paid holidays
- Generous parental leave policy
- Commuter benefits
- Fitness benefits
- Healthcare and Dependent care FSA benefit
- Employee Assistance Programs focused on mental health
- Healthcare advocacy program for all employees
- Access to mental health apps
- Team building activities
- Our modern Chelsea-based office with open floor plan, stocked kitchen, and catered lunches