What we're looking for:
We are seeking a Director of Information Security to own our information security strategy and policy. This individual will prioritize a strategic roadmap to mitigate risk against all relevant threat vectors (including application/product security and employee security), monitor the effectiveness of the security program, and interface with regulators and third parties to represent and defend Arcadia’s posture. The ideal candidate is detail-oriented and data-driven, with an excitement for problem-solving and working collaboratively with others in a fast-paced, highly dynamic environment.
This role is based in Washington, D.C., or New York City, NY, though we are open to considering a remote candidate. The role reports directly to the Head of Engineering. Additionally, this candidate will collaborate frequently with other engineers as well as the Product, Enterprise Solutions, IT, Legal and Regulatory, Operations, and Analytics & Data Science teams.
What you'll do:
- Define and drive Arcadia’s information security roadmap, strategy, tactics, and execution
- Lead and mentor a team of security engineers to implement a comprehensive security program
- Architect programs and processes that evaluate and enhance Arcadia's information security policies through monitoring, remediation, reporting, and auditing
- Partner with Arcadia’s engineering teams during scoping and execution of all roadmap deliverables to ensure that security concerns are treated as first-class product requirements
- Respond appropriately and effectively to security-related incidents and report back to key internal and external stakeholders
- Participate in externally requested security audits from partners
- Lead efforts to periodically review and update information security and privacy policy best practices across the company
- Work with a leading policy team on developing regulatory structures around utility data access and security
- Oversee and coordinate security efforts across the company alongside Engineering, IT, HR, Product, Legal, and more
- Stay up to date with IT/Security industry trends and evaluate new solutions & techniques
- Launch company-wide security initiatives and training
What will help you succeed:
Must-haves:
- 6+ years of prior experience in information security and/or risk management, preferably at a SaaS company
- 3+ years of management experience
- Experience working in a fast-paced, startup environment
- Experience implementing SOC 2, GDPR and CCPA compliance
- Skill with collaboration, mentoring, learning from other engineers, and treating colleagues with empathy and respect
- Excellent verbal, written and interpersonal communication skills, including the ability to effectively communicate security and risk-related concepts to individuals with technical and non-technical backgrounds
- Deep knowledge and application of software development and quality assurance methodologies to application and infrastructure delivery
- Proven track record of designing, launching, and driving successful adoption of company-wide security initiatives and programs
- Passion for our mission, sustainability, and helping drive a clean-energy future
Nice-to-haves:
- Professional security management certification such as CISSP, CCISO, CISM, GIAC, and/or other CISA
- Familiarity with AWS (or an equivalent cloud provider) and the related security best practices