Location: Santa Clara, CA (4 days onsite)
Total Compensation: $200,000-$300,000
Role SummaryWe are seeking a Director of Information Security to lead and strengthen Eltropy's security architecture, operational security program, IT security governance, and product security practices. This role will work closely with Engineering, DevOps and Product teams to build a scalable and resilient security foundation for a high growth SaaS Fintech.
This is a leadership role for someone who can operate strategically while also bringing strong hands-on experience across security operations, cloud and infrastructure security, product security, vulnerability management, and modern security governance. The role will lead the company's overall security posture across internal systems and enterprise operations, while partnering with Engineering and Product teams to embed security into the design, development, and operation of our platform, including AI-enabled capabilities.
Responsibilities- Define and enhance Eltropy's security architecture across cloud infrastructure, identity and access, endpoint security, logging, monitoring, and data protection.
- Lead the operational security program, including incident response processes, security runbooks, monitoring, and escalation frameworks.
- Strengthen identity and access governance, including role-based access controls, privileged access management, joiner/mover/leaver processes, and periodic access reviews.
- Oversee endpoint security, asset inventory, and IT security governance across the organization.
- Lead business continuity and disaster recovery planning, readiness, and testing.
- Partner with SRE / DevOps, Engineering, and Product teams to govern product security for the SaaS platform.
- Establish and maintain a secure development framework, including secure SDLC practices, secure coding standards, threat modeling, code scanning, security reviews before release, and developer security training.
- Oversee the vulnerability management program across applications, cloud infrastructure, endpoints, and third-party dependencies.
- Manage remediation tracking for annual penetration tests and coordinate with Engineering and relevant teams on remediation efforts.
- Define and strengthen security and governance controls for internal AI tool usage and AI-enabled product capabilities.
- Develop practical guardrails for AI security, customer data privacy, and responsible use of AI technologies across internal and customer-facing environments.
- Partner cross-functionally to provide visibility to leadership on security risks, remediation priorities, and program maturity.
Required Qualifications- 10+ years of experience in cybersecurity, information security, security engineering, or related roles, including leadership responsibility.
- Experience in a SaaS environment with responsibility across multiple security domains such as security operations, cloud security, IT security, identity and access management, or product security.
- Strong hands-on experience with incident response, vulnerability management, endpoint security, identity and access controls, and centralized logging and monitoring.
- Experience partnering with Engineering and DevOps teams to strengthen cloud and application security.
- Experience establishing or improving secure development practices, including secure SDLC, threat modeling, code scanning, and release security reviews.
- Experience coordinating remediation of security findings, including penetration test findings and vulnerability management activities.
- Demonstrated ability to lead cross-functionally and influence technical, operational, and compliance stakeholders.
- Strong written and verbal communication skills, including the ability to clearly communicate risks, priorities, and recommendations to senior leadership.
Preferred Qualifications- Experience in fintech, regulated SaaS, or environments serving financial institutions.
- Experience working in organizations with SOC 2 or similar security and compliance frameworks.
- Experience with business continuity and disaster recovery planning and testing.
- Experience with AI security, AI governance, or security review of AI-enabled product capabilities.
- Familiarity with data protection and privacy considerations in customer-facing SaaS environments.
- Experience building or scaling security programs in a high-growth company.
