Your Role

Zip is building the future of B2B spend. As Zip’s Head of Information Security, you will be responsible for ensuring Zip’s enterprise systems and data are secure, overseeing security strategy, and managing and mitigating risk. You will lead a team of security professionals to ensure the confidentiality, integrity, and availability of data in corporate IT systems. Additionally, you will collaborate with other senior leaders to ensure compliance with regulatory requirements and maintain a strong security posture. This is a hybrid position - you should plan to come in-person to our San Francisco headquarters two days a week.

You will

• Develop and implement security policies and procedures to meet compliance and regulatory requirements
• Measure and report on information security posture to keep senior stakeholders informed
• Develop strong relationships across the business including Product, Engineering, IT, Compliance, Legal Finance, and HR to drive cross functional security initiatives
• Collaborate and align on risk appetite with senior stakeholders and BoD
• Support customer relationships by ensuring Zip meets the security and privacy standards of global enterprises, occasionally interfacing directly with customers to convey Zip’s InfoSec capabilities
• Build the InfoSec organization
• Build executive reporting/dashboards of current and historical security metrics
• Establish vulnerability management, incident response, disaster recovery, security champions, and other programs to mitigate risks
• Implement and maintain different Information Security compliances, such as SOC 1 & 2, GDPR, HITRUST, ISO 27001
• Monitor the external environment for emerging threats, and advise relevant stakeholders on appropriate course of action
• Conduct global security training and awareness

Qualifications

• Bachelors in Computer Science, Information Security, Information Management Systems, or related field
• 8+ years of experience in relevant positions in Information Security, IT, and Engineering
• 4+ years in leadership roles within enterprise security (IT, network, systems, application & cloud security)
• Hands-on experience in conducting audits and implementing security and compliance controls
• Strong knowledge of SOC 1, SOC 2, PCI, GDPR, HIPAA/HITRUST & ISO 27001 compliance
• Strong understanding of information security frameworks, such as NIST and CIS
• Strong written and verbal communication skills and ability to effectively interface with both technical staff and leadership

The salary range for this role is $200,000 - $240,000. The salary for this position is determined based on a variety of job-related factors that may include location, relevant experience, education, or particular skills and expertise.

Perks & Benefits

At Zip, we’re committed to providing our employees with everything they need to do their best work.

• 📈 Start-up equity
• 🦷 Full health, vision & dental coverage
• 🍽️ Catered lunches & dinners for SF employees
• 🚍 Commuter benefit
• 🚠 Team building events & happy hours
• 🌴 Flexible PTO
• 💻 Apple equipment plus home office budget
• 💸 401k plan

We're looking to hire Zippers and that means hiring people who take ownership, communicate openly, have an underdog mindset, and are excited to increase the pace of innovation for every business in the world. We encourage all candidates to apply even if your experience doesn't exactly match up to our job description. We are committed to building a diverse and inclusive workspace where everyone (regardless of age, religion, ethnicity, gender, sexual orientation, and more) feels like they belong. We look forward to hearing from you!