Job details

Tech Lead Information Security

Hum Capital is the funding platform that connects great companies with the right capital. Hum offers companies the most efficient way to access private capital by helping them understand the power of their data in the fundraising process. For investors, Hum delivers investment insights and a personalized deal flow built on company data they can trust. Hum is working to make private fundraising more data-driven and accessible to both companies and investors.

Hum’s Intelligent Capital Market puts companies' financial data to work, applying data analytics and AI to provide an investor's view of their business so they can fundraise with confidence. Hum empowers companies raising up to $50 million to make informed financing choices based on the options provided via the ICM’s two funding processes, SmartRaise and SmartMatch. To date, Hum has helped companies raise more than $600 million in committed capital and currently has over 2,000 companies on the platform and over 400 institutional investors.

Hum was founded by alumni from Stanford, Draper Fisher Jurvetson (DFJ), OakTree, Foursquare, NASA, Class Dojo, and has over 75 years of experience on Wall Street and Silicon Valley. Our team is formed by passionate Hum-ans who welcome diversity of backgrounds, ideas and perspectives. We believe that transparent, verified and tested information is the fuel of meaningful and profound work, but also the basis of a great and trustful environment to change the world’s fundraising system. If you find this exciting, you are in the right place. For more information, visit humcapital.com.

The Role

The Tech Lead for Information Security will report to the CISO and is responsible for all technical aspects of Hum’s information security related activities. This is a key role in the organization and will play an important role in leading Hum through its next stage of growth.

Hum’s Intelligent Capital Market is continuously pulling live financial data from companies across the US, processing and managing that data to inform investment decisions. We interact with some of the largest banks and investment institutions in the US. As such, Information Security and Compliance remain a critical aspect of our business that we wish to continue to grow.

What you'll be doing:

Help establish and execute a strategic, comprehensive information security program.
Identify, assess, mitigate and monitor risks, vulnerabilities, and gaps to improve the overall effectiveness of the security program and improve awareness of best information security practices
Work directly with strategic partners who have information security questions, concerns, and assessments.
Help achieve and maintain security compliance certifications relevant to the organization (e.g., SOC2, PCI, ISO 27001, GLBA)
Provide Information Security related technical leadership to the InfoSec, DevOps, IT and Engineering teams
Provide leadership and guidance on information security topics-advising and collaborating on security processes, business continuity, and disaster recovery plans
Keep an eye on security vulnerabilities and threats and ensure that system and application security design follows best security practices
Work closely with third party partner organizations to ensure security is factored into the evaluation, selection, installation, and configuration, and deployment of applications and software
Be involved in security investigations and recommended courses of action
Assist with related legal matters associated with such events as needed and suggest actions to prevent future incidents
Monitor external threat environments for emerging threats and advise relevant stakeholders on appropriate courses of action
Provide oversight to the architecture and engineering of new security systems-including evaluating technical designs

What you'll bring:

5+ years of related security experience
Prior experience as Tech Lead, Staff or Senior member of Information Security team
**Domain expertise in finance and lending
Extensive knowledge of various security standards (e.g., AOC/2, FINRA, CCPA, GDPR, NIST SP 800-53r4 and associated laws, rules and regulations.)
Experience instantiating, managing, and creating information security programs-including creating security policies, processes, controls, and programs
Ability to identify, assess, mitigate, and monitor threats and risks
Extensive knowledge of the various security requirements at the federal, state and local level in the privacy and security areas within the United States - note, down the road we will be establishing a more global footprint
Extensive knowledge of all layers of the technology stack-network, systems, database, application, code, infrastructure-as-a-service providers-and how to secure each of these layers
Experience using log-based alerting, vulnerability scanning, and other key security technologies
Knowledge of various encryption techniques and their proper utilization
Interpersonal communication skills for training and working with others
Experience working through ongoing security assessments and programs such as SOC2, PCI, and ISO 27001
Demonstrates excellent oral and written communication skills with the ability to communicate to a technical and non-technical audience including senior management
Bachelor's degree in related technology field (Information Technology, Information Systems, Computer Science, or another technical field)
Certification(s) in the information security areas such as the CISSP (Certified Information Systems Security Specialist) preferred by not required.

You must be a US Citizen or Green Card holder to be considered for this role.

HUM Capital Glassdoor Company Review

4.5