Director of Security and Compliance at Lob
About the role
Lob is looking for a strategic leader with excellent stakeholder management skills, who can create and deliver a holistic and compelling approach to security, governance, risk and compliance (GRC). The Director of Security & Compliance will drive transformational change in how we manage security risks across the company’s business functions and associated Lob products. The role requires strategic vision, the ability to influence change and a coherent understanding of how security data can be leveraged to empower leadership teams across the business.
The ideal candidate would be someone who can adeptly build frameworks for security governance, embed threat-based risk assessments processes and also elevate cyber security within the business. You will be responsible for leading a team of security and compliance professionals who are responsible for security and compliance needs across the business (including, but not limited to SOC2, ISO 27001, HIPAA, GDPR, CCPA).
We offer remote working opportunities in California and New York. You can also work onsite at our San Francisco headquarters.
As the Director of Security & Compliance, you’ll...
- Lead the security engineering and GRC teams for the organization to include recruiting, hiring, training and developing excellent talent.
- Provide advice and direction to executive leadership in the integration of security practices into the organization’s strategic goals.
- Establish clear and measurable strategic information security goals, roadmaps, OKRs, budgets, metrics, KPIs, etc. to drive measurable improvements that align with business initiatives and goals.
- Work closely with internal and external stakeholders to stay informed of planned changes to tools, services, processes, etc. that could impact the organization’s information security posture and help guide those changes to ensure they adhere to regulatory, contractual and audit requirements and follow industry standards.
- Develop and maintain an effective Information Security Management System to guide the organization to ISO 27001 certification.
- Liaise with various teams (e.g. legal, sales, engineering, etc.) during the sales cycle to review contracts, complete RFPs, respond to due diligence questionnaires, participate in sales calls with the customer, etc. as needed to help the organization meet their goals.
- Author operational and intelligence reports for business partners and executive leadership to keep everyone up-to-date on changes in industry standards, audit requirements, threats, vulnerabilities, security trends, etc. that would impact the security and compliance of the organization.
- Oversee the coordination and execution of external and internal audits and communicate the outcomes of those audits to business partners and executive leadership to include providing guidance on how to improve current processes or the creation of new processes to ensure continued success on future audits.
- Oversee the development, revision and dissemination of information security policies and procedures to ensure adherence to contractual, audit and regulatory (e.g. CCPA, GDPR, HIPAA, etc.) requirements.
- Oversee the vendor management process to include assisting the legal team and other business partners define security requirements for the organization’s third party vendors and partners.
- Oversee the implementation and administration of security tools and services.
- Stay up-to-date on new security technologies and industry best practices and drive improvements as needed.
What you will bring to this role…
- 10+ years of experience in a leadership role.
- 10+ years of experience in security engineering and/or GRC.
- Extensive knowledge and experience with regulatory requirements (e.g. GDPR, CCPA, HIPAA, etc.), various security frameworks (e.g. SOC 2, ISO 27001, NIST CSF, CIS, OWASP, etc.) and risk frameworks or standards (e.g. NIST 800-39, FAIR, ISACA Risk IT, ISO 31000, etc.).
- Experience identifying, evaluating and managing risks.
- Experience securing Software-as-a-Service (SaaS) and cloud (Azure, AWS, Rackspace, etc.) environments.
- Experience with a sales driven organization as well as partnering with sales and legal to review contracts and complete RFPs to close deals as well as completing industry recognized security assessments (e.g. CAIQ, VSA, SIG, etc.).
- Experience directing and managing audits (e.g. ISO 27001, SOC 2, HIPAA, etc.).
- Experience with third party vendor management programs.
- Experience managing budgets, setting OKRs, building roadmaps, establishing KPIs, etc.
- Experience with or knowledge of GRC and security engineering technologies and services such as firewalls, IDS/IPS, identity and access management, email security, web proxies, vulnerability scanners, SIEM, DLP, compliance management solutions, etc.
- Proven experience engaging and collaborating with stakeholders across the organization to build secure processes and procedures.
- Experience authoring, reviewing and maintaining information security related policies and procedures.
Lob was built by technical co-founders with a vision to make the world programmable. We offer two flagship APIs (print & mail and address verification) that enable companies to send postal mail as effortlessly as sending emails. Lob is venture-backed by the most reputable investors in tech, and we are rapidly growing our team to shape the future of our company and meet the demands of a quickly growing customer base and dynamic product offerings.
We give our employees a lot of responsibility and ownership of their work. You will have fun at work while engaging in challenging projects with the best and brightest.
- Health benefits for you and your dependent(s)
- Medical Flexible Spending Accounts (FSA)
- Unlimited vacation policy
- Wellness program (includes monthly stipend or free Barry’s Bootcamp classes!)
- Paid parental leave
- Commuter & Parking benefits (includes monthly stipend) for those based out of our San Francisco office
- Free lunch, snacks and dinner when working at our San Francisco office
- Dog-friendly San Francisco office
- Allowance for in-person team meetings (all flights and accommodations covered) for those not based out of our San Francisco office
- Home-office setup and phone/internet stipend for those not based out of our San Francisco office
- Ground floor opportunity as an early member of the Lob team; you’ll directly shape the direction of our company
Our Commitment to Diversity
Lob is an equal opportunity employer and values diversity of backgrounds and perspectives to cultivate an environment of understanding and to have a greater impact on our business and customers. We encourage under-represented groups to apply and do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or criminal history in accordance with local, state, and/or federal laws, including San Francisco’s Fair Chance Ordinance.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
- #86 on Y Combinator's Top Private Companies List 2021
- BuiltIn Best Midsize Companies to Work For 2021
- 2020 Inc 5000 List of the Fastest-Growing Private Companies
- 2019 Timmy Awards - Best Tech Workplace for Diversity, Community Favorite in the Bay Area
- Deloitte’s 2019 Technology Fast 500
Why you should join Lob
Lob is automating the offline world. Businesses use Lob’s APIs to programmatically create and deliver transactional and marketing direct mail—turning it from a slow, manual process into a timely, relevant, and personalized communication channel. Lobsters—employees at Lob—enjoy a relaxed work environment where curiosity is harnessed for professional and personal growth.
Founded in 2013 and based in San Francisco, Lob is venture-backed by Y Combinator, Polaris Partners, Floodgate, and First Round Capital.