Job details

Head of Security

Hum Capital is the funding platform that connects great companies with the right capital. Hum offers companies the most efficient way to access private capital by helping them understand the power of their data in the fundraising process. For investors, Hum delivers investment insights and a personalized deal flow built on company data they can trust. Hum is working to make private fundraising more data-driven and accessible to both companies and investors.

Hum’s Intelligent Capital Market puts companies' financial data to work, applying data analytics and AI to provide an investor's view of their business so they can fundraise with confidence. Hum empowers companies raising up to $50 million to make informed financing choices based on the options provided via the ICM’s two funding processes, SmartRaise and SmartMatch. To date, Hum has helped companies raise more than $600 million in committed capital and currently has over 2,000 companies on the platform and over 400 institutional investors.

Hum was founded by alumni from Stanford, Draper Fisher Jurvetson (DFJ), OakTree, Foursquare, NASA, Class Dojo, and has over 75 years of experience on Wall Street and Silicon Valley. Our team is formed by passionate Hum-ans who welcome diversity of backgrounds, ideas and perspectives. We believe that transparent, verified and tested information is the fuel of meaningful and profound work, but also the basis of a great and trustful environment to change the world’s fundraising system. If you find this exciting, you are in the right place. For more information, visit humcapital.com.

The Role

The Head of Security will report to the Executive Vice President of R&D and will also continuously be updating the Board of Directors. They are responsible for all of Hum’s information security related activities. This is a key leadership role in the organization and will play an important role in leading Hum through its next stage of growth.

Hum’s Intelligent Capital Market is continuously pulling live financial data from companies across the US, processing and managing that data to inform investment decisions. We interact with some of the largest banks and investment institutions in the US. As such, Information Security and Compliance remain a critical aspect of our business that we wish to continue to grow.

What you'll be doing:

Establish and execute a strategic, comprehensive information security program, with supporting directives, plans, programs
Develop and maintain information security standards, policies, and guidelines and oversee their distribution in the company
Identify, assess, mitigate and monitor risks, vulnerabilities, and gaps to improve the overall effectiveness of the security program and improve awareness of best information security practices
Work directly with strategic partners who have information security questions, concerns, and assessments
Review legal contracts as needed to help ensure information security requirements are reasonable and in-line with industry-best security practices and the security program
Achieve and maintain security compliance certifications relevant to the organization (e.g., SOC2, PCI, ISO 27001, GLBA)
Lead and build out the information security team
Provide leadership and guidance on information security topics-advising and collaborating on security processes, business continuity, and disaster recovery plans
Keep an eye on security vulnerabilities and threats and ensure that system and application security design follows best security practices
Work closely with DevOps, IT, Engineering and third party partner organizations to ensure security is factored into the evaluation, selection, installation, and configuration, and deployment of applications and software
Be involved in security investigations and recommended courses of action
Assist with related legal matters associated with such events as needed and suggest actions to prevent future incidents
Monitor external threat environments for emerging threats and advise relevant stakeholders on appropriate courses of action
Provide regular reporting on the current state of information security program to executive management
Establish metrics and reporting framework to measure the efficiency, effectiveness, and maturity level of the program
Collaborate with the CTO and CPO to connect organizational requirements with security goals
Provide oversight to the architecture and engineering of new security systems-including evaluating technical designs
Prepare financial forecasts and budgets to execute effective security programs and operations
Provide leadership, training and guidance to team members by building and maintaining a top performing team
Produce security white papers and marketing content, as needed, to help customers understand the security program and practices in place

What you'll bring;

10+ years of related security experience
Prior experience as CSO, VP of Security, or Director of Security.
**Domain expertise in finance and lendingExtensive knowledge of various security standards (e.g., ISO 27001, Trust Services Principles, NIST SP 800-53r4, OWASP Top 10, SANS Top 20, and associated laws, rules and regulations.)
Experience instantiating, managing, and creating information security programs-including creating security policies, processes, controls, and programs
Ability to identify, assess, mitigate, and monitor threats and risks
Extensive knowledge of the various security requirements at the federal, state and local level in the privacy and security areas within the United States - note, down the road we will be establishing a more global footprint
Extensive knowledge of all layers of the technology stack-network, systems, database, application, code, infrastructure-as-a-service providers-and how to secure each of these layers
Experience using log-based alerting, vulnerability scanning, and other key security technologies
Knowledge of various encryption techniques and their proper utilization
Interpersonal communication skills for training and working with others
Past experience hiring, training, developing, and leading members of the security team
Experience interacting directly with customers or partners to help instill and maintain customer trust in the security program
Experience managing ongoing security assessments and programs such as SOC2, PCI, and ISO 27001
Demonstrates excellent oral and written communication skills with the ability to communicate to a technical and non-technical audience including senior management
Experience with building and leading highly motivated and engaged teams
Demonstrates ability to establish relationships and build rapport to influence colleagues at all levels, uncover issues, and identify needs
Bachelor's degree in related technology field (Information Technology, Information Systems, Computer Science, or another technical field)
Certification(s) in the information security areas such as the CISSP (Certified Information Systems Security Specialist) preferred by not required.