Head of Information Security Compliance at Bread

Greater NYC Area
Sorry, this job was removed at 11:21 a.m. (EST) on Tuesday, October 29, 2019

Bread is a technology company that aims to transform the world of paper credit card applications and hidden interest rates by providing leading point-of-sale financing options for merchants across the e-commerce journey. We build tools, technologies and APIs that allow merchants to integrate an installment loan financing and checkout experience anywhere in their customers’ shopping journey. Bread was started in 2015 by financial technology veterans, and has experienced explosive growth to date. We’re backed by top investors including Menlo Ventures, Bessemer Venture Partners and Kinnevik, among others.

Bread is looking to hire a dedicated Head of Information Security Compliance. This role is critical to Bread’s core business of offering transparent financial products for merchants and consumers while maintaining the trust and confidence of our customers that we will protect their privacy and their personal information. You’ll be creating a robust, secure and compliant data regime to protect both the company and customers’ assets and privacy, while fostering a culture of security and compliance with the various department leaders and throughout the organization.

The Head of Information Security Compliance:

  • Oversees and coordinates information security risk management and compliance efforts across Bread, including departments such as Engineering, Information Technology, Human Resources, Legal, Finance and other groups
  • Drives the execution of the information security risk assessments and information security compliance initiatives and standards throughout the organization. 
  • Owns the development and administration of Bread’s information security policies, setting procedures and guidelines to ensure that all information systems are functional, secure and safeguarded throughout the company and are in compliance with privacy, customer trust and applicable information security laws and regulations 
  • Works closely with key individuals throughout the organization to develop business cases for new security projects and provides appropriate expertise to manage associated information security risks
  • Provides leadership, technical expertise and administrative support for the development of Disaster Recovery and Business Continuity programs for the company. 
  • Leads information security risk management and compliance efforts related to strategic partnerships

Day to Day Responsibilities include:

  • Develop and maintain our internal information security risks and controls catalogue
  • Lead strategic partnerships and relationship-building in support of our ongoing security-compliance commitments such as SOC-1, SOC-2, PCI, and ISO27001. 
  • Drive resolution of information security gaps or control deficiencies, and help business owners prioritize remediation activities
  • Execute information security risk assessments for third-party vendors, and respond to information security diligence requests from external partners
  • Manage the information security relationship with key partners
  • Serve as the primary point of contact for information security audits and assessments for business partners/third-party vendors, and represent IT/Engineering across these exercises
  • Provide information security training and awareness to employees
  • Report on the state of information security control environment to the Governance, Risk and Compliance Working Group 

Preferred Background:

  • 7+ years of experience in information security compliance or information security risk management in financial services
  • Experience with implementing an Information Security Risk Management and Compliance Program (including information security policies management, information security risk assessments, information security governance, information security training)
  • Able to communicate security-related concepts to a broad range of technical and non-technical staff, acting as a bridge between IT and business process owners
  • Certification is required, such as CISA, CISM or CISSP
  • Knowledge and experience in the following information security areas:
    • Information security assessment and auditing procedures, from both technical and business perspectives, and the use of formal methodologies such as NSA IAM
    • Vulnerability scanning and auditing tools
    • Network security
    • E-commerce application security
    • Computer investigation and forensics methods and technologies
    • Secure messaging architectures
  • Knowledge of regulatory bodies, and information security and privacy related regulations and/or guidance issued by these bodies such as the FDIC, CFPB, FinCEN and Federal Reserve Board
  • Knowledge of privacy laws, such as GLBA, Regulation P
  • Experience working with Mac Endpoint tools such as JAMF, IAM tools such as Okta/Duo, and security tools such as Sophos and Qualys.
  • Strong project or program management experience
  • Proven ability to collaborate cross-functionally and desire to work closely with other members of the team
  • Strong verbal and written communication skills

Technology we use

  • Engineering
  • Product
  • Sales & Marketing
    • Languages: Golang, Javascript
    • Libraries: Flux, React, Redux
    • Databases: PostgreSQL, Redis
    • Analytics: Google Analytics, Heap Analytics, Looker, Python, R, Redshift
    • Design: Illustrator, Photoshop, Usertesting, Figma
    • Management: Confluence, JIRA, Trello
    • CRM: HubSpot, Salesforce
    • Email: MailChimp
    • Lead Gen: Datanyze


In the heart of the Flatiron district in between both Madison Square Park and Union Square Park.

An Insider's view of Bread

What are some social events your company does?

We love celebrating all that we can from our monthly happy hours, DI&B events to our summer/winter holiday parties. Our team is extremely thoughtful about how we gather together to ensure everyone is excited about and included in all we do. It fosters collaboration in a more strategic yet relaxed way which helps build relationships.


Head of Employee Engagement

What projects are you most excited about?

A typical day at Bread is different depending on the engineer. While some engineers enjoy more autonomy, I enjoy collaborating on projects with other engineers and coming up with great solutions together. We strike a balance between stability and innovation through code reviews and guest lectures. I feel supported in my career growth here at Bread.


Software Engineer

How does the company support your career growth?

Bread encourages us to empower ourselves from the very start of our careers by offering every employee a stipend to seek educational resources and support. If you envision a role we don’t currently offer, or aspire to transition internally, we aim to give you the tools needed to meet your goal.


Recruiting Coordinator

How do you collaborate with other teams in the company?

One of the great things about working at Bread is the cross-functional collaboration with other teams. As an integrations engineer, I have not only learned how to intentionally build a product in a thoughtful manner from the Engineering and Product teams, but also how to be effective in a client facing role from our Sales and Success teams.


Integrations Engineer

What are Bread Perks + Benefits

Bread Benefits Overview

100% Paid Health, Dental & Vision
Stock Options
Flexible Vacation Policy
Team Events
Weekly Lunches
Learning & Development stipend
Bi-monthly Yoga
Bi-monthly chair massage
Life events and milestone celebrations

Volunteer in local community
Partners with Nonprofits
Friends outside of work
Eat lunch together
Intracompany committees
Daily stand up
Open door policy
Team owned deliverables
Team based strategic planning
Open office floor plan
Dedicated Diversity/Inclusion Staff
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Wellness Programs
Team workouts
We have in office yoga once a week!
Retirement & Stock Options Benefits
Company Equity
Child Care & Parental Leave Benefits
Generous Parental Leave
Remote Work Program
Family Medical Leave
Company sponsored family events
Bread sponsors family oriented events annually.
Vacation & Time Off Benefits
Unlimited Vacation Policy
Paid Holidays
Perks & Discounts
Casual Dress
Commuter Benefits
Company Outings
Stocked Kitchen
Some Meals Provided
Employees get free lunch on Friday.
Happy Hours
Recreational Clubs
Relocation Assistance
Fitness Subsidies
Professional Development Benefits
Job Training & Conferences
Bread offers employees professional development opportunities like annual individual budget for training, the ability to attend job related conferences and seminars.
Diversity Program
Lunch and learns
Bread hosts lunch and learn meetings on occasion.
Promote from within
Continuing Education stipend
We offer $$$ annually for continuing education.