Director of Information Security
New York, New York, United States
Novata
Achieve your sustainability goals with Novata’s trusted ESG data management platform and advisory practice—because it’s good for business and it’s good for
Full-time • Hybrid • USA • up to $180K per annum
Eligibility: Must be based in the USA and authorised to work. Unfortunately, we cannot sponsor visas.
About Us
Novata is a public benefit corporation created and funded by a unique consortium of foundations and private sector companies including the Ford Foundation, the Omidyar Network, S&P Global, and Hamilton Lane. We are a for-profit, mission-driven company with a goal of empowering the private markets to build a more inclusive and sustainable form of capitalism. By bringing together the brightest minds in financial data, private equity, social justice and inclusive capitalism, we aim to build the best technology and tools for the private markets to better collect, analyze, benchmark, and report ESG (Environmental, Social, Governance) data. We have an experienced and diverse team who are as ambitious about growing a successful company as we are about making an impact. We hope you’ll join us.
What We’re Seeking
- Cybersecurity Expertise: At least 8 years leading cybersecurity, detection and response programs, or corporate security initiatives, with experience defending large-scale web and cloud infrastructure.
- Leadership: 4+ years managing teams, including individual contributors and managers, with a proven ability to guide performance and foster career growth.
- Incident Response: Strong experience across the incident response lifecycle, including threat detection, SIEM tools, and integrating threat intelligence.
- Technical Skills: Proficiency with security infrastructure (e.g., SIEM systems, firewalls, identity management, vulnerability management) and corporate security tools like endpoint and SaaS protection.
- Security Operations: Familiarity with product security, software development life cycles, and digital forensics techniques, such as malware analysis and network forensics.
- Communication: Exceptional written and verbal skills, with empathy and a talent for advocating for your team.
- Cross-Functional Collaboration: Comfortable working across departments, including engineering, external response teams, and law enforcement, to resolve incidents.
- Executive Engagement: Skilled in briefing senior leaders, legal counsel, and public relations during security incidents.
- Compliance and Risk Management: Knowledge of managing bug bounty programs, vendor risk, and security-related customer inquiries.
Requirements
Team Leadership: Create a supportive environment, provide performance feedback, and guide team members’ professional growth.
Strategic Oversight: Set the team’s vision, prioritize goals, and ensure alignment with company objectives.
Incident Management: Lead the response to security incidents, take decisive action, and identify priorities to resolve crises.
Risk and Improvement: Conduct root cause analyses to address issues, define risks, and develop solutions for continuous improvement.
Security Practices: Promote robust security processes across the company and ensure alignment with best practices.
Compliance Readiness: Oversee security program readiness for SOC 2 and ISO 27001 certifications.
Policy Development: Create and maintain security policies, standards, and controls to support a strong security framework.
Audit Management: Manage the information security audit and compliance schedule to meet certifications and internal standards.
Vendor Risk: Lead risk assessments for vendors and technology partners to meet customer security obligations.
Customer Support: Address customer inquiries, contracts, and RFPs related to security and data privacy.
Resource and Vendor Management: Oversee team budgets, external vendor relationships, service provider contracts, and third-party contractors and consultants to ensure optimal resource utilization and alignment with organizational goals.
Incident Oversight: Participate in on-call rotations and streamline incident management processes.
Remediation Plans: Develop blameless mitigation plans to restore systems after incidents.
Collaboration: Work closely with legal, privacy, and product security teams to address risks and ensure compliance.
Tooling: Experience using a Governance, Risk, and Compliance (GRC) system. Familiarity with Secure Email Gateway (SEG), Data Loss Prevention (DLP), Cloud Access Security Broker (CASB), Endpoint Detection & Response (EDR), and Mobile Device Management (MDM) systems.
Benefits
- A base-salary up to $180k per annum depending on your experience, plus stock options.
- Hybrid approach to working, with regular co-working days in our New York office
- Comprehensive health benefit packages (medical, dental, vision and pension)
- Robust leave policies (PTO, parental leave, VTO)
- Opportunities for personal and professional development
Why Join Us?
Novata is a mission-first company built to enable the private markets to drive more impact. We are at the unique intersection of ESG, the private markets, and mission-driven impact. We are well-funded, have a top-tier executive leadership team, and members of our leadership team have been globally recognised for their success as leaders of large public companies, founders of successful startups, leaders of established ESG organisations, and builders of robust tech platforms. We are passionate, highly motivated, and experienced individuals who embrace our diverse backgrounds. Together, we will become the platform of choice and a catalyst for a change in the way business is done.
Tags: Application security CASB Cloud Compliance EDR Firewalls Forensics Governance Incident response ISO 27001 Malware Privacy Product security Risk assessment Risk management SaaS SIEM SOC SOC 2 Threat detection Threat intelligence Vendor management Vulnerability management
Perks/benefits: Career development Equity / stock options Health care Medical leave Parental leave