Director of Security (CISO)

Description

Empathy supports individuals and families in need through partnerships with financial institutions, life insurers, and employers.

We're looking for a Director of Security to build and lead our security and compliance function from the ground up. This is a unique opportunity to shape security at a fast-growing B2B2C startup backed by top-tier investors and led by experienced founders with a strong track record of successful exits.

Reports To: CTO

As our first dedicated security hire, you’ll be responsible for defining and executing our security strategy, owning compliance initiatives (SOC 2, ISO 27001), and serving as a key advisor to leadership, customers, and internal teams.

In this role you will

• Lead risk management and mitigation across the organization.
• Act as the face of security with our customers – supporting sales, handling security questionnaires, and building trust with enterprise clients in regulated industries (finance, insurance, employers).
• Define and clearly communicate our security posture to both internal and external stakeholders.
• Work cross-functionally with Legal, Engineering, IT, and People to implement security tools, policies, and processes.
• Own and evolve our security and compliance programs (SOC 2, ISO 27001, etc.).
• Help shape our IT and access control posture (alongside the first IT hire).
• Build a scalable foundation for a growing security function.

Why join us?

• Backed by leading VCs with multiple funding rounds closed quickly.
• Led by serial entrepreneurs with a history of successful startups and acquisitions.
• Growing fast (130+ employees globally) with exciting B2B2C traction.
• You’ll report directly to the CTO and work closely with Legal, Engineering, IT, and People teams.
• Full ownership of security, with the potential to grow into a VP-level role and build a team over time.

Requirements

• 5+ years in security roles, ideally with recent experience at a startup or scale-up.
• Experience in one or more of the following: GRC, AppSec, Risk Management, or as a Deputy CISO.
• Strong communicator with a customer-facing presence and excellent written/spoken English.
• Experience working directly with enterprise clients in regulated environments.
• Familiarity with cloud-native environments (especially AWS) and SaaS platforms.
• Startup mentality – you’re comfortable wearing multiple hats, taking initiative, and building from scratch.
• Ability and aspiration to grow into a leadership role and eventually build and lead a security team.

Bonus points for:

• Experience integrating security into the SDLC or CI/CD pipeline.
• Familiarity with access management tools, security awareness training, and vendor risk assessment.
• Previous ownership of SOC 2 or ISO 27001 audits.