Allocate

Information Security Lead

full-time

Location Type: Remote

Location: California, Massachusetts, United States

Salary

💰 $175,000 - $195,000 per year

About the role

  • Own and evolve the GRC program in partnership with Legal and our CCO
  • Lead all efforts to achieve and maintain critical compliance certifications (SOC 2, potentially ISO 27001)
  • Manage external SOC 2 audits and coordinate with third-party auditors (currently 4-6 week intensive periods annually)
  • Conduct quarterly user access reviews and maintain comprehensive access control documentation
  • Develop, maintain, and enforce clear, practical security policies across all departments
  • Work cross-functionally with IT and HR to ensure consistent policy adherence
  • Monitor compliance with laptop MDM requirements, 2FA, policy attestations, and security training
  • Develop and execute a comprehensive information security roadmap aligned with business objectives
  • Lead the organization's migration to a Zero Trust security approach
  • Select, implement, and manage endpoint detection and response (EDR) solutions
  • Oversee relationship with our managed IT service provider
  • Conduct vendor security reviews, risk assessments, and ongoing monitoring
  • Develop and execute security awareness training programs for all employees

Requirements

  • 5+ years of experience in information security, with at least 2 years in a leadership or senior individual contributor role
  • Experience in fintech, banking, healthcare, payments, or other highly regulated industries
  • Proven track record managing SOC 2 compliance, including audit preparation and evidence gathering
  • Deep understanding of GRC frameworks and compliance requirements for fintech companies
  • Experience developing and enforcing security policies in a rapidly growing organization
  • Strong knowledge of endpoint security, including EDR solutions and mobile device management
  • Experience conducting vendor security assessments and managing third-party risk
  • Hands-on experience with security tools and technologies (SIEM, EDR, vulnerability management, etc.)
  • Demonstrated ability to work cross-functionally with Legal, HR, Engineering, and Product teams
  • Excellent written and verbal communication skills, with the ability to explain complex security concepts to non-technical stakeholders
  • Strong project management skills and ability to manage multiple initiatives simultaneously
  • Experience working with managed IT service providers or in-house IT teams
  • Ability to travel to our Palo Alto and/or NYC offices on a quarterly basis

Benefits

  • Medical
  • Dental
  • Vision
  • 401(k)
  • Responsible time off