Director of Information Security

| Hybrid
Sorry, this job was removed at 11:45 a.m. (EST) on Friday, March 2, 2018

Stash is investing, simplified. We are an investing platform that makes it easy for anyone to start with as little as $5. Through empowering our users with education and guidance, we help investors learn the basics so they can do it themselves. At Stash, we are working toward a future where investors are as diverse as our world.

The Director of Information Security will create and implement Stash’s information security policies and procedures across all our software products and all our physical locations. This hire will ensure policies and standards are developed and followed and that all information security risks are identified and addressed.

This position requires coordinating and managing external security vendors' testing, and directing QA and Engineering teams as appropriate to test our applications and to ensure that measures are in place to mitigate any vulnerabilities. They will work with the CTO to ensure security is incorporated into all aspects of the company to pre-empt external and internal threats. They will also work with Compliance on security policies, guidelines, and standards. Finally, this individual will partner with business unit leaders to define program objectives and implement initiatives in order to assess risk, monitor controls, and evolve information security and technology risk management.

What you'll do:

  • Lead and manage the information security and risk program
  • Research, identify and evaluate emerging cybersecurity threats and technologies to resolve them
  • Provide hands-on support, maintenance and oversight of security tools, technologies and service providers
  • Formulate customer security risk assessment and due diligence questionnaires
  • Produce detailed security and risk briefs for management and administrators
  • Document security for data at rest and in-flight
  • Prepare cost estimates for security-related expenses
  • Document any integration issues with third-party vendors
  • Lead and manage the incident response team
  • Liaise with Legal & Compliance to verify conformance of security implementations with applicable laws, rules, and regulations

What we're looking for:

  • 8+ years of experience working in Information Security in a management role
  • Demonstrated experience with leading platforms for vulnerability assessment, intrusion/threat detection, forensic analysis, identity management, mobile device management, endpoint security, and monitoring
  • Experience with regulatory compliance programs in the areas of cybersecurity, privacy, confidentiality and data protection
  • Formal and industry-recognized security education or certifications such as CISSP, CISM, OSCP
  • Familiarity with industry security standards including NIST 800-53, ISO 27001, and ISO 27018
  • Familiarity with Service Organization Control (SOC2) Reports and Vendor Audits
  • Ability to maintain confidentiality while dealing with sensitive information
  • Strong verbal and written communication skills

**No recruiters, please


Location

We offer employees the choice and flexibility to work where they want, from anywhere in the US or UK. We offer stipends to make home offices productive and, for those who don't live near our NYC and London offices, to secure space when they want it.
