In this position you will have tremendous impact and bring ideas about how to take our Cybersecurity team to the next level. You will oversee a group of ten direct reports within Security Platform Engineering, Application Security and Technology Risk. While not a ground-up build, there is still a ton of opportunity to grow our practice with a brilliant, energized group.
As the Sr Director, Cybersecurity at OnDeck, you will:
- Build the overall risk profile of our company and create a plan for reducing risk exposure in an agile, collaborative, and well-socialized manner.
- Establish the risk tolerance for the company with executive management.
- Define governance and policies to ensure information assets are adequately protected without severely impacting innovation and operation.
- Lead relevant regulatory compliance and audit initiatives.
- Define best practices for S-SDLC and lead a team that can work with application developers towards those goals.
- Work with technology and other stakeholders on threat and incident response, remediation and communication.
- Ensure vendors are appropriately vetted and comply with relevant security policies, controls and regulations.
- Leverage vendors and external partners where appropriate to meet the needs of the organization.
- Manage a Security and Technology Risk team that is responsible for Information Security; Risk Management; Security Operations; Policy; Application Security; Security Risk including DLP and Vendor risk, Threat prevention, identification and mitigation; encryption policies and implementations.
Necessary qualifications for success:
- Interoffice travel from NY to VA or vice versa to partner with Development, IT, QA, and DevOps teams as necessary for critical projects and relationship-building
- Some weekends or after-hours work may be necessary for incident management
- Able to create and run a holistic Information Security program that aligns with OnDeck’s growing needs.
- Ability to assess and evaluate corporate risk tolerance and translate into goals and policies for the corporation, including software engineering, IT teams, and other relevant stakeholders.
- Ability to build a security team focused on Security Ops, Policy management, Application Security, Technology Risk Management.
- Prior experience creating monitoring for security threats, and a process to respond to questionable events with appropriate and known SLAs.
- Ability to analyze internal and external processes and integration to understand risk.
- Understanding of relevant audit and control standards and the ability to drive and maintain the compliance initiative across the organization.
- Experience managing a team of security experts in a diverse set of security topics including, but not limited to, security architecture, financial controls and regulatory compliance, identity and access management, penetration testing, data loss prevention, network security, security monitoring, white box testing/static code analysis, and building secure systems.
- Experience with Security Information Event Management systems, particularly Splunk Enterprise Security
- Experience with Amazon Web Services (AWS) and securing technologies such as EC2, RDS, S3, etc.
- Experience with risk management methodologies such as, but not limited to, FAIR.
- Experience with security vendors such as, but not limited to: Thales, Zscaler, FireEye, Okta, SailPoint, EnCase, Exabeam, Securonix, Tenable, Rapid7, Splunk, Vormetric, Imperva, etc.
- Bachelor's Degree or higher (or equivalent experience). Computer Science/Engineering major is preferable.
- Strong understanding of network protocols such as TCP/IP, DNS, VPNs (IPsec), and wireless security technologies (PEAP, WPA, etc.).
What we offer you:
- Medical, dental, vision, and life benefits from day one.
- Paid/flexible sick leave, vacations, and holidays so you can take off the time that you need when you need it.
- Up to four months paid parental leave for all new parents. Adoption assistance with reimbursement of up to $5K. We want you to have time to bond with your new bundle of joy.
- We’ll match your 401(k) contributions and offer a discount through our Employee Stock Purchase Plan. All to complement your personal financial strategy.
- We want to help advance your career. Take classes relevant to your job and the first $5K is on us.
- Enjoy our annual company summer party, holiday party and department quarterly outings.
- Our partnership with SoFi gives you access to student loan refinancing, personal loans and even mortgages.
- We work hard, we play hard. Build or join an OnDeck intramural club, group, and/or sports team and be part of our OnDeck Community.
- Fully stocked kitchens with free snacks & drinks.
OnDeck Stats & In the News:
- In 2015, OnDeck & JP Morgan Chase partner to offer small business loans, named the biggest deal in the history of marketplace lending
- Our first $3 billion in loans led to 74,000 jobs and $11 Billion in U.S. economic impact.
- On December 17, 2014 OnDeck rings in the biggest NYC tech IPO since 1999
- OnDeck was New York’s largest VC-backed tech exit ever
Awards we've received:
- com and Great Place to Work 100 Best Workplaces for Millennials, 2015
- Fortune/Great Place To Work Great Rated! People’s Picks: 20 Great Workplaces in Financial Services, 2015
- Crain’s New York Best Places to Work, 2013, 2014, 2015
- Colorado SHRM Best Companies to Work For in Colorado, 2015
- Built in Colorado, Top 100 Digital Companies in Colorado, 2015
- Forbes’ America’s Most Promising Companies, 2013, 2014
- Selling Power Magazine Best Company to Sell For, 2013, 2014, 2015
- 500|5000, 2013, 2014
- Crain’s New York Business Fast 50, 2013, 2014