Senior Director, Information Security (Remote, US)
Openly is rebuilding insurance from the ground up. We are re-envisioning and enhancing every aspect of the customer experience. Doing this requires a rapidly growing team of exceptional, curious, empathetic people with a wide range of skill sets, spanning technology, data science, product, marketing, sales, service, claims handling, finance, etc.
Now is the perfect time to join the journey. Here’s why:
- It’s working. We’re in multiple states and on our way to operating countrywide. We have thousands of agents selling our product and millions of dollars of annual customer premiums.
- We’re well-backed & stable. We closed our $100M Series D fundraise. We are supported by some of the top investors globally, including Google’s “Gradient” AI-focused fund, Obvious Ventures, Advance Venture Partners, Eden Global Partners, and Clocktower Technology Ventures.
- It’s not too late! Despite this traction and stability, we’re still early enough in the journey that there’s time to make a real difference during Openly’s formative period.
As the Senior Director of Information Security, you will build our security structure from the ground up and establish our security footprint to fit the needs of a growing organization. You will do this by working closely with cross-functional teams to identify potential risks and develop strategies to mitigate them. You will establish security policies, procedures, and guidelines, and enable compliance throughout the organization. In this role, you will apply a risk-informed approach to security and compliance, enabling the business to operate in safe and secure ways.
- Develop and execute a comprehensive information security strategy that aligns with the organization's business goals and objectives.
- Collaborate closely with the VP of Engineering, VP of Legal and Compliance, IT Director, and CTO on security strategy
- Provide oversight for security governance and risk management, including risk assessments, vulnerability management, and incident response planning.
- Develop and implement an incident response plan, including detection, containment, mitigation, and recovery strategies.
- Promote a culture of security awareness throughout the organization by conducting training sessions and awareness campaigns.
- Provide regular updates and reports to senior management and stakeholders on the state of information security within the organization.
Policy and Compliance:
- Establish and maintain information security policies, standards, and procedures in compliance with relevant industry regulations (e.g., GDPR, PCI DSS, state Insurance Data Security laws) and best practices.
- Coordinate and oversee internal and external security audits, assessments, and penetration testing activities.
- Evaluate and implement security technologies and solutions to protect the organization's assets.
- Evaluate and manage security risks associated with third-party vendors and service providers.
What You’ll Bring
- Experience establishing a security program from the ground up to fit growing business needs as an individual contributor and leader
- Proven management abilities
- Experience guiding and growing teams of teams, balancing security, compliance and engineering needs with the needs of the business.
- Demonstrated ability to leverage resources and teams to deliver multiple projects from start to finish in reasonable overlapping time frames
- Experience developing a strategy or roadmap for your teams
- Defaults to a collaborative mindset to work with multiple stakeholders to maximize our resources
- No Egos - focuses on the best outcomes for the security, engineering, and IT teams and the company over ownership of any particular project, process, or people, demonstrating high engagement and low attachment
- Passion for fostering DE&I to build effective, capable teams
- Comfortable making decisions, owning and being accountable for results
- A high level of comfort navigating and making decisions and recommendations in environments of ambiguity
- Bias towards action over perfection
- Ability to juggle both a long-term investment approach and an iterative approach to address immediate needs while understanding long-term implications.
- When presented with a complex problem, process, or existing system, you can consistently reduce the complexity to get more done with less work.
- Typically requires 10+ years of experience across management and security domains
- Familiarity with, and willingness to work with, Agile methodologies
- Excellent written and verbal communication
- CISSP, CISM, or other cybersecurity certifications preferred, but not required
- Working knowledge of one or more public cloud technologies (AWS, Azure, Google Cloud) and information security in a hybrid cloud environment
- Risk management experience
- Familiarity with PCI Data Security Standards and other financial industry-accepted security standards and frameworks
- Working knowledge of PAM, SIEM, SSO, WAF, endpoint detection, and email threat management technology
- Proficient with network and application security tools and best practices
Our stack (for reference)
We do not expect competency in this stack as a requirement for success, but awareness of the security concerns associated with it is a plus:
- Backend/Core: Go & PostgreSQL
- Frontend: Browser-based, VueJS, Webpack, Nuxt, & Tailwind
- Research/Data Science: R, ArcGIS, H2O, & Python
- Infrastructure: Google Cloud, specifically Cloud Run, Cloud Build, and CloudSQL, managed with Terraform. We use GitHub for code hosting and CircleCI for running our CI/CD pipelines.
- Remote work tools: Slack, Zoom
Benefits & Perks
- Remote-First Culture - We supported #remotelife long before it was a given. We'll keep promoting it.
- Competitive Salary & Equity
- Comprehensive Medical, Dental, and Vision Plan Offerings
- Life and disability coverage including voluntary options
- Competitive PTO - 20 days and 11 paid holidays (including floating holidays) per year under the Company’s vacation and holiday policies.
- Parental Leave - 12 weeks paid for eligible employees
- 401K Company Contribution - Openly contributes 3% of the employee's gross income, even if the employee does not contribute.
- Work-from-home stipend - We provide a $1,500 allowance to spend on setting up your home workplace
- Annual Professional Development Fund: Each employee has $2,000 in professional development (PD) funds to spend on activities or resources annually. We want each Openly employee to achieve personal and professional success and to feel supported, confident, and informed about improving their efficiency and productivity.
- Be Well Program - Employees receive $50 per month to use towards their overall well-being
- Paid Volunteer Service Hours
- Referral Program and Reward
Depending on position, Employees generally are eligible for cash incentive compensation, including commissions for sales eligible roles. In all cases, eligibility for compensation and benefits is subject to applicable plan and policy terms in effect from time to time.
U.S. Citizens, Green Card Holders, and those authorized to work in the U.S. for any employer and currently residing in the US will be considered.
Openly is committed to equal employment opportunity and non-discrimination for all employees and qualified applicants without regard to a person's race, color, sex, gender identity or expression, age, religion, national origin, ancestry, ethnicity, disability, veteran status, genetic information, sexual orientation, marital status, or any characteristic protected under applicable law. Openly is an E-Verify Employer in the United States. Openly will make reasonable accommodations for qualified individuals with known disabilities under applicable law.