Head of Information Security
Zip is tackling the $50B+ TAM space to transform the way businesses manage spend. Our co-founders started Zip (YC S2020) because they saw the challenges companies had using outdated 20-year-old software to manage hundreds of millions of dollars in spend every year. We invented the world’s leading Intake-to-Procure solution to bring a consumer-grade user experience to B2B purchasing. And, we’re just getting started.
We're a fast-growing team that helped scale category-defining companies like Airbnb, Facebook, Salesforce, Apple, Quora, Pinterest, and Square. With $180 million in funding from YC Continuity (Y Combinator), CRV and Tiger Global, we're valued at $1.5 billion in just 3 years. In today's economic climate, the value we offer our customers is more critical than ever and our business is accelerating. We're growing quickly and need your help!
Zip is building the future of B2B spend. As Zip’s Head of Information Security, you will be responsible for ensuring Zip’s enterprise systems and data are secure, overseeing security strategy, and managing and mitigating risk. You will lead a team of security professionals to ensure the confidentiality, integrity, and availability of data in corporate IT systems. Additionally, you will collaborate with other senior leaders to ensure compliance with regulatory requirements and maintain a strong security posture. This is a hybrid position - you should plan to come in-person to our San Francisco headquarters two days a week.
- Develop and implement security policies and procedures to meet compliance and regulatory requirements
- Measure and report on information security posture to keep senior stakeholders informed
- Develop strong relationships across the business including Product, Engineering, IT, Compliance, Legal, Finance, and HR to drive cross-functional security initiatives
- Collaborate and align on risk appetite with senior stakeholders and BoD
- Support customer relationships by ensuring Zip meets the security and privacy standards of global enterprises, occasionally interfacing directly with customers to convey Zip’s InfoSec capabilities
- Build the InfoSec organization
- Build executive reporting/dashboards of current and historical security metrics
- Establish vulnerability management, incident response, disaster recovery, security champions, and other programs to mitigate risks
- Implement and maintain Information Security compliance programs, such as SOC 1 & 2, GDPR, HITRUST, ISO 27001
- Monitor the external environment for emerging threats, and advise relevant stakeholders on the appropriate course of action
- Conduct global security training and awareness
- Bachelor's in Computer Science, Information Security, Information Management Systems, or related field
- 8+ years of experience in relevant positions in Information Security, IT, and Engineering
- 4+ years in leadership roles within enterprise security (IT, network, systems, application & cloud security)
- Hands-on experience in conducting audits and implementing security and compliance controls
- Strong knowledge of SOC 1, SOC 2, PCI, GDPR, HIPAA/HITRUST & ISO 27001 compliance
- Strong understanding of information security frameworks, such as NIST and CIS
- Strong written and verbal communication skills and ability to effectively interface with both technical staff and leadership
The salary range for this role is $200,000 - $240,000. The salary for this position is determined based on a variety of job-related factors that may include location, relevant experience, education, or particular skills and expertise.
Perks & Benefits
At Zip, we’re committed to providing our employees with everything they need to do their best work.
- 📈 Start-up equity
- 🦷 Full health, vision & dental coverage
- 🍽️ Catered lunches & dinners for SF employees
- 🚍 Commuter benefit
- 🚠 Team building events & happy hours
- 🌴 Flexible PTO
- 💻 Apple equipment plus home office budget
- 💸 401k plan
We're looking to hire Zippers and that means hiring people who take ownership, communicate openly, have an underdog mindset, and are excited to increase the pace of innovation for every business in the world. We encourage all candidates to apply even if your experience doesn't exactly match up to our job description. We are committed to building a diverse and inclusive workspace where everyone (regardless of age, religion, ethnicity, gender, sexual orientation, and more) feels like they belong. We look forward to hearing from you!