Information Security Risk Management Director @ BILL
Company: Ponderosa Management LLC
Location: San Jose
Posted on: October 16, 2024
Job Description:
Information Security Risk Management Director, BILL

BILL: the AP, AR, and spend & expense solution that lets you create and pay bills, manage expenses, control budgets, and get the credit your business/firm needs to grow.

Do the best work of your career as a champion for small and mid-size businesses.

BILL is a leader in financial automation software for small and midsize businesses (SMBs). As a champion of SMBs, we are dedicated to automating the future of finance so businesses can thrive. Hundreds of thousands of businesses trust BILL solutions to manage financial workflows, including payables, receivables, and spend and expense management. With BILL, businesses are connected to a network of millions of members, so they can pay or get paid faster. Through our automated solutions, we help SMBs simplify and control their finances, so they can confidently manage their businesses and succeed on their terms.

BILL is a trusted partner of leading U.S. financial institutions, accounting firms, and accounting software providers. We have operations in San Jose, CA, Draper, UT, and Houston, TX, and are continuing to expand into other geographic locations. If you're looking for a place that helps you do the best work of your career, look no further than BILL.

Make your impact within a rapidly growing Fintech Company

BILL's Information Security department is searching for an Information Security Risk Management Director to lead the security strategy for our growing Security Risk Management function, reporting to the Deputy CISO. The ideal candidate will bring a blend of technical acumen and strategic insight, capable of effectively communicating with stakeholders and guiding team members in alignment with our security culture and business priorities. The candidate will possess a strong background in cybersecurity and risk management, with working knowledge and experience in risk management frameworks such as NIST RMF, FAIR, and OWASP. Information Security is looking for a strong leader who is capable of working closely with cross-functional engineering teams and leadership to perform comprehensive security risk assessments, communicate identified risks effectively, and ensure timely remediation from a technical perspective, in addition to enhancing the security risk management program capabilities.

Key Responsibilities:
- Lead the comprehensive cyber risk management program including
strategy, framework, process, execution, and continuous
maturity
- Conduct security risk assessments to identify potential risks
from threats and vulnerabilities within the organization's
infrastructure and applications.
- Perform control effectiveness assessment by collaborating with
cross-functional teams to understand technical implementations and
assess control strength
- Communicate identified security risks and their potential
impact to stakeholders, including technical and non-technical
audiences.
- Develop and implement strategies for security risk remediation,
ensuring alignment with technical, compliance and business
requirements.
- Provide expert guidance on security controls and best practices
to cross-functional teams and guide risk mitigation
- Maintain up-to-date knowledge of industry standards, regulatory
requirements, and emerging threats to inform risk assessment and
remediation processes.
- Lead the enhancement of the security risk management program,
including policies, procedures, and frameworks.
- Track and report on the status of risk remediation efforts,
ensuring timely resolution and compliance with organizational
policies.
- Develop and present detailed reports on risk assessments,
including identified threats, vulnerabilities, and the
effectiveness of implemented mitigation measures. Ensure these
reports are understandable to technical and non-technical
stakeholders, including senior management
- Demonstrate a process-oriented, results-driven approach to security risk engineering, employing effective problem-solving and communication skills to serve as a subject matter expert and trusted advisor.

We'd love to chat if you have:
- Bachelor's degree in Computer Science, Information Security, or
a related field.
- 10+ years of experience in security risk assessment, with a
focus on qualitative analysis, or equivalent and relevant security
experience.
- Strong technical knowledge of security controls, including but
not limited to access controls, encryption, network security, and
vulnerability management.
- Demonstrated experience working within a GRC framework, with an
understanding of regulatory and compliance requirements (e.g., PCI
DSS, SOC).
- Excellent communication skills at all levels, with the ability to articulate complex technical concepts to diverse audiences, including the C-Suite.
- Proven ability to work collaboratively with engineering teams
to assess and mitigate security risks.
- Experience with security risk remediation programs, including
technical implementation and compliance considerations.
- Strong analytical and problem-solving skills, with attention to detail and accuracy.

Preferred Skills:
- Experience with security assessment tools and
methodologies.
- Knowledge of cloud security best practices and technologies
(e.g., AWS, Azure, GCP).
- Familiarity with security incident response, vulnerability
triaging and threat assessments
- Strong project management skills with the ability to prioritize tasks and manage multiple projects simultaneously.

The estimated salary range for this role is noted below for our San Jose based role. Our ranges for each role and job level are based on a variety of factors including candidate experience, expertise, and geographic location and may vary from the amounts listed above. The role is also eligible for a competitive benefits package that includes: medical, dental, vision, life and disability insurance, 401(k) retirement plan, flexible spending & health savings account, paid holidays, paid time off, and other company benefits.

San Jose
pay range: $185,100-$230,900 USD

Let's talk about benefits:
- 100% paid employee health, dental, and vision plans (choose
HMO, PPO, or HDHP)
- HSA & FSA accounts
- Life Insurance, Long & Short-term disability coverage
- Employee Assistance Program (EAP)
- 11+ Observed holidays and wellness days and flexible time
off
- Employee Stock Purchase Program with employee discounts
- Wellness & Fitness initiatives
- Employee recognition and referral programs
- And much more

For positions that are in office we support a hybrid work environment with on-site and remote work days. Check out our LinkedIn Life Page for each location and discover BILL.

We live our culture and values every day

At BILL, we're different by design; it's our culture. Our CEO is a trusted entrepreneur who lives our cultural values: Humble, Authentic, Passionate, Accountable, and Fun. People here love being their authentic selves, contributing unique experiences, sharing ideas, perspectives, and intellectual curiosity. We celebrate our diversity as the heart and soul of how we work, grow, and succeed together. Inspiring people with meaningful career experiences they love really does make the dream work, and our successes just keep getting better. There's no limit to what we can build and where we can go from here. We'd love you to join us.

BILL is proudly an Equal Opportunity Employer where everyone is welcome. Our innovation and technology are inspired by an inclusive culture unlike any other. Everyone brings a different personal story and perspective, and this diverse mix of minds, backgrounds, and experiences is where our greatest ideas come from. We welcome people of all races, ethnicities, ages, religions, abilities, genders, and sexual orientations to make us an even more vibrant company. We want everyone to bring their authentic selves here, to share our values, shape our vision, drive innovation, and become part of a culture we celebrate every day.

Our promise to our candidates is to be transparent, diligent, and engaging while guiding individuals through each step of our hiring process. At BILL we strive to achieve an inclusive and positive candidate experience that aligns with our core values and focuses on diversity.

If you require a reasonable accommodation for your application, interviews, or another aspect of the hiring process, please contact interviewaccommodations@hq.bill.com.

BILL Culture:
- Humble - We check our egos at the door. We are curious. We
listen, accept feedback.
- Authentic - We earn and show trust by being real, embracing our authentic selves.
- Passionate - We care deeply about each other and our
customers.
- Accountable - We are duty-bound to each other, our customers,
and society.
- Fun - We wrap it all together by building connections and enjoying time spent together.

Our Applicant Privacy Notice describes how BILL treats the personal information it receives from applicants.