Director, Corporate Security

Interested in working on cutting-edge blockchain technology and creating equitable access to the global financial system? Since 2014, the mission-driven team at the Stellar Development Foundation (SDF) has helped fuel the tremendous growth of the Stellar blockchain network, an open-source platform that operates at high-scale today. Developers and companies around the world build on it, and the SDF team is expanding to support the rapidly growing and changing Stellar ecosystem.

The Stellar Development Foundation (SDF) is looking for a talented, experienced, and hands-on corporate cybersecurity professional to join our team. In this senior managerial role, you’ll be shaping and implementing SDF’s corporate IT and cybersecurity strategy. You will oversee and coordinate information technology and security efforts throughout the organization and be an advocate for necessary changes in the cybersecurity posture as they arise. You will serve as a bridge between senior executives and the operational security team.

While this role pertains to our corporate IT infrastructure, you will report to our Chief Financial Officer and work closely with senior executives to ensure consistent policy development. You will work collaboratively with internal stakeholders, senior management, and external partners to enhance SDF’s corporate security posture and progress vital mitigation strategies.  On a daily basis, you will manage a team of 2 – 3 IT security professionals, ensure the functionality of the corporate IT security team, and execute the SDF cybersecurity strategy.

In this role, you will:

• Identify Cybersecurity Risks:
  • Maintain a comprehensive NIST CSF based cybersecurity risk management framework, ensuring alignment with relevant cybersecurity regulations and industry standards.
  • Support regular risk assessments to identify and evaluate cybersecurity threats, vulnerabilities, and potential impacts on the organization, and organize efforts to design and improve our security vulnerability management programs both proactively (audits, etc.) and reactively (patching policy, CVE tracking, etc.)
  • Ensure an accurate inventory of critical assets is maintained. 
  • Draft and review information security policies, standards and procedures. 
  • Oversee management of security reviews of third-party vendors and track surface area of risk for use of their products and integrations at SDF.
  • Work closely with the IT & engineering teams on security analyses using SIEM tools and vulnerability assessments. While improving or implementing solutions as needed.
• Communicate Risks and Mitigation Strategies:
  • Provide detailed, actionable reports on identified risks to executive leadership and decision-makers.
  • Develop and present risk mitigation options and recommendations that align with the organization's risk appetite and strategic objectives.
  • Integrate and coordinate security and security impacting functions (e.g., IT, HR) throughout the organization.
• Implement and Monitor Mitigations:
  • Oversee the implementation of approved cybersecurity mitigation strategies and solutions, including endpoint, cloud, and third-party security baselines.
  • Oversee the effective deployment of security tools, policies, and procedures to protect the organization’s assets and information, including resilient backup and recovery solutions. Develop roadmaps for improving and iterating on implemented security tooling and policy.
  • Continuously monitor the effectiveness of implemented controls, including via internal and/or external audits and penetration tests, and adjust strategies as necessary to address emergent risks.
• Respond to Security Incidents 
  • Track and document security impacting changes and exceptions to security policy and controls, approve, deny or escalate as required. 
  • Work within SDF’s incident response framework and ensure postmortem follow up is completed in a timely manner. 
  • Coordinate with internal and external stakeholders to ensure comprehensive incident response and recovery plans are in place and regularly tested.

You have:

• 10+ years of experience in enterprise IT and and corporate security 
• A Bachelor's or Master’s degree, or equivalent experience.
• Subject matter expert in cloud infrastructure and SaaS applications
• Extensive experience in a senior cybersecurity and/or IT leadership roles, including coordination with cross-functional teams, and effective collaboration with various stakeholders.
• Strong hands-on technical knowledge of cloud and enterprise platforms, security, security tools, and security architecture.
• Operational security experience, including incident response. 
• In-depth knowledge of cybersecurity frameworks, standards, and best practices (e.g., NIST, ISO 27001, CIS), threat analysis, and risk management.
• Strong communication skills to convey complex security concepts to non-technical stakeholders.
• Relevant certifications such as CISSP, CISM, or CISA.
• Knowledge of access control and identity management systems
• Experience with network protocols and secure network design
• A strong track record working in a collaborative environment
• Experience consulting with external vendors
• Experience with MITRE, NIST, OWASP frameworks

Bonus points:

• Experience working on open source projects
• Master's Degree in Computer Science and/or Information Technology 
• Participation in the crypto community
• Experience with security solutions like SEIM tooling, Wazuh, and audit tooling
• Experience in developing policies in collaboration with executive level roles

We offer competitive pay with a base salary range for this position of $195,000 - $235,000 depending on job-related knowledge, skills, experience, and location. In addition, we offer lumen-denominated grants along with the following perks and benefits:

USA Benefits/Perks:

• Competitive health, dental & vision coverage with most plans covered at 100% for the employee + any dependents
• Flexible time off + 15 company holidays including a company-wide holiday break
• Up to 12 weeks of paid parental leave for both non-birthing and birthing parents, as well as up to 14 weeks of paid pregnancy leave for birthing parents
• Gym reimbursement ($80 per month)
• Life & ADD (up to $50K)
• Short & Long term disability
• 401K with 4% match
• Health & Dependent Care FSA Accounts
• Commuter benefits with $250/month employer contribution
• Health Savings Account (HSA) with monthly employer contribution
• Family building benefits through Kindbody
• Wellbeing benefits (One Medical, Rightway, Headspace)
• L&D budget of $1,500/year
• Daily lunch and snacks in office
• Company retreats

About Stellar   Stellar is more than a blockchain. Powered by a decentralized, fast, scalable, and uniquely sustainable network made for financial products and services and a thriving and passionate ecosystem that includes a non-profit organization driven by a mission, Stellar is paving the path to unlock the world’s economic potential through blockchain technology. Built with speed and low costs in mind, the Stellar network provides builders and financial institutions worldwide a platform to issue assets, and to send and convert currencies in real time creating real world utility. Founded in 2014, the Stellar Development Foundation (SDF) supports the continued development and growth of the Stellar network and also serves the ecosystem of NGOs, corporations, universities, small businesses, governments, and solo entrepreneurs building on the Stellar network through tooling, funding and strategic collaborations. Together, Stellar is where blockchain meets the real world.   About the Stellar Development Foundation   The Stellar Development Foundation (SDF) is a non-profit organization focused on working with and supporting changemakers to create equitable access to the global financial system through blockchain technology. SDF provides grants, investments, funding, and other awards to builders and organizations. SDF also develops resources and tooling on the Stellar network to help unlock real world utility. As a nonprofit foundation, SDF puts the health of the Stellar network and the Stellar ecosystem and its mission above all else.   We look forward to hearing from you!   Privacy Policy   By submitting your application, you are agreeing to our use and processing of your data in accordance with our Privacy Policy.   SDF is committed to diversity in its workforce and is proud to be an equal opportunity employer. SDF does not make hiring or employment decisions on the basis of race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law.