Head of Security
New York City
Full Time Executive-level / Director USD 170K - 225K
January
Changing debt collection. For good. Learn how January uses machine learning to recover debt collections faster and maintain world-class borrower satisfaction.At January, we're transforming the lives of consumers by bringing humanity to consumer finance. Our data-driven products help financial institutions streamline their collections, offering borrowers straightforward and compassionate solutions to regain financial stability and control over their lives. We're not just expanding access to credit – we're restoring dignity and giving millions of people the chance to achieve financial freedom.
About the Role
As our Head of Security, you'll help us maintain and radically improve a proactive security posture that ensures compliance with industry standards, mitigates real risks, and enhances client confidence in how we handle sensitive data. This role will report directly to the Director of Engineering; expect to drive strategic security initiatives, implement effective monitoring and response systems, and foster a culture of security awareness and excellence within the organization.
What You’ll Work On
Security Leadership
Define and execute January's comprehensive security strategy aligned with our mission.
Lead and build a security team as we grow, fostering a culture of security and excellence.
Act as the principal security advisor to senior management, providing insights and recommendations on security matters.
Strategic Security Planning
Develop and maintain a robust security framework to protect client data, ensure system integrity, and safeguard our technology infrastructure.
Create a security roadmap that aligns with our long-term business objectives and technological advancements.
Risk Management & Compliance
Conduct regular risk assessments to identify vulnerabilities and develop strategies to mitigate them.
Ensure compliance with financial regulations such as SOC2, GDPR, and PCI_DSS, and manage audit processes to maintain regulatory standards.
Stay updated on changes in regulatory requirements and adjust security practices accordingly.
Operational Security Oversight
Oversee daily security operations, including monitoring, incident response, and forensic investigations.
Develop and enforce security policies, standards, and guidelines to ensure a secure operational environment.
Lead the response to security incidents, conducting thorough investigations and implementing corrective actions.
Integration of Security into DevOps & Development
Collaborate with our development and DevOps teams to integrate security into the software development lifecycle (SDLC), ensuring secure coding practices and rapid, secure delivery of solutions.
Automate security processes and incorporate security testing into CI/CD pipelines.
Training & Security Culture
Develop and implement security awareness programs to educate employees about security best practices and foster a culture of security across the organization.
Mentor and support future security hires, developing their skills and promoting a collaborative approach to security.
Technology & Vendor Management
Evaluate and recommend security tools and technologies to enhance our security capabilities.
Manage relationships with security vendors and service providers, ensuring they meet our security requirements.
What You Bring to the Table
Experience:
7-10 years of experience in security roles, with at least 3 years in a leadership or senior technical position.
Proven experience in leading and managing security teams, preferably within the financial sector or a startup environment.
Demonstrated success in developing and implementing security strategies and managing complex security projects.
Technical Expertise:
Deep knowledge of security principles, protocols, and technologies.
Extensive hands-on experience with security tools such as firewalls, IDS/IPS, SIEM, encryption, and vulnerability management.
Proficiency in cloud security (AWS, Azure, or Google Cloud) and securing cloud-native applications.
Strong coding or scripting skills (e.g., Python, Shell scripting) for automating security tasks.
Expertise in network security, endpoint protection, and application security.
Regulatory Knowledge:
In-depth understanding of financial regulations, including SOC2, GDPR, and PCI-DSS.
Experience conducting compliance audits and managing regulatory documentation and reporting.
Leadership & Soft Skills:
Exceptional leadership skills with a track record of building and mentoring security teams.
Strong problem-solving and analytical abilities, capable of navigating complex security challenges.
Excellent communication skills, with the ability to effectively convey security concepts to both technical and non-technical stakeholders.
Ability to thrive in a fast-paced, dynamic startup environment.
Passion for continuous learning and staying up-to-date with the latest in cybersecurity trends and technologies.
We are currently hiring for this position in our New York office.
As a New York City-based company, we are dedicated to transparent, fair, and equitable compensation practices that reflect our commitment to fostering an environment where all team members are valued and supported. We encourage individuals from all backgrounds to apply.
We are an equal opportunity employer committed to diversity and inclusion in the workplace. We do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, age, veteran status, or any other legally protected characteristic.
Tags: Application security Audits AWS Azure CI/CD Cloud Compliance DevOps Encryption Finance Firewalls GCP GDPR IDS Incident response IPS Monitoring Network security Python Risk assessment Risk management Scripting SDLC Security strategy SIEM SOC 2 Strategy Vendor management Vulnerabilities Vulnerability management
Perks/benefits: Career development Startup environment
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.