Director, Information Security
Arcadia
Job Summary
Arcadia is seeking a Director of Information Security to lead and own the company's information security strategy and policy. This role involves defining and driving the security roadmap, managing a team of security engineers, enhancing security policies, partnering with engineering teams, responding to security incidents, and overseeing company-wide security efforts. The ideal candidate will have a strong background in information security and risk management, with experience in compliance and a passion for problem-solving in a dynamic environment.
Must Have
- 6+ years of prior experience in information security and/or risk management, preferably at a SaaS company
- 3+ years of management experience
- Experience working in a fast-paced, startup environment
- Experience implementing SOC 2, GDPR and CCPA compliance
- Skill with collaboration, mentoring, learning from other engineers, and treating colleagues with empathy and respect
- Excellent verbal, written and interpersonal communication skills, including the ability to effectively communicate security and risk-related concepts to individuals with technical and non-technical backgrounds
- Deep knowledge and application of software development and quality assurance methodologies to application and infrastructure delivery
- Proven track record of designing, launching, and driving successful adoption of company-wide security initiatives and programs
- Passion for our mission, sustainability, and helping drive a clean-energy future
Good to Have
- Professional security management certification such as CISSP, CCISO, CISM, GIAC, CISA, and/or other
- Familiarity with AWS (or an equivalent cloud provider) and the related security best practices
Perks & Benefits
- "Remote first" culture - work anywhere in the US as long as you have a reliable internet connection
- Flexible PTO - no accrued hours and no limit on the number of vacation days exempt employees can take each year
- 17 annual company-wide holidays, including a week-long "summer break"
- 10 days sick leave
- Up to 4 weeks bereavement leave
- 2 volunteer days off
- 2 professional development days off
- 12 weeks paid parental leave for all parents
- 80-95% employer cost coverage for medical, dental, and vision benefits for employees and dependents
- A supportive engineering culture that values diversity, empathy, teamwork, trust, and efficiency
Job Description
What we're looking for:
We are seeking a Director of Information Security to own our information security strategy and policy. This individual will prioritize a strategic roadmap to mitigate risk against all relevant threat vectors (including application/product security and employee security), monitor the effectiveness of the security program, and interface with regulators and third parties to represent and defend Arcadia’s posture. The ideal candidate is detail-oriented and data-driven, with an excitement for problem-solving and working collaboratively with others in a fast-paced, highly dynamic environment.
This role is based in Washington, D.C., or New York City, NY, though we are open to considering a remote candidate. The role will report directly to the Head of Engineering. Additionally, this candidate will collaborate frequently with other engineers as well as the Product, Enterprise Solutions, IT, Legal and Regulatory, Operations, and Analytics & Data Science teams.
What you'll do:
- Define and drive Arcadia’s information security roadmap, strategy, tactics, and execution
- Lead and mentor a team of security engineers to implement a comprehensive security program
- Architect programs and processes that evaluate and enhance Arcadia's information security policies through monitoring, remediation, reporting, and auditing
- Partner with Arcadia’s engineering teams during scoping and execution of all roadmap deliverables to ensure that security concerns are treated as first-class product requirements
- Respond appropriately and effectively to security-related incidents and report back to key internal and external stakeholders
- Participate in externally requested security audits from partners
- Lead efforts to periodically review and update information security and privacy policy best practices across the company
- Work with a leading policy team on developing regulatory structures around utility data access and security
- Oversee and coordinate security efforts across the company alongside Engineering, IT, HR, Product, Legal, and more
- Stay up to date with IT/Security industry trends and evaluate new solutions & techniques
- Launch company-wide security initiatives and training
Eliminating carbon footprints, eliminating carbon copies.
Here at Arcadia, we cultivate diversity, celebrate individuality, and believe unique perspectives are key to our collective success in creating a clean energy future. Arcadia is committed to equal employment opportunities regardless of race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, protected veteran status, or any status protected by applicable federal, state, or local law. Please note that we are unable to offer visa sponsorship for this position at this time.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
Target Annual Compensation Range for this role will be $165,000 to $295,000. There will also be a competitive benefits and equity (bonus if applicable) component to the package. The exact compensation at which this job is filled will be determined by the skills, experience, and location of the qualified candidate.