BILL

Information Security Risk Management Director

BILL, North, South Carolina, United States, 29112

Do the best work of your career as a champion for small and mid-size businesses.

BILL is a leader in financial automation software for small and midsize businesses (SMBs). As a champion of SMBs, we are dedicated to automating the future of finance so businesses can thrive. Hundreds of thousands of businesses trust BILL solutions to manage financial workflows, including payables, receivables, and spend and expense management.

Make your impact within a rapidly growing Fintech Company

BILL's Information Security department is searching for an Information Security Risk Management Director to lead the security strategy for our growing Security Risk Management function, reporting to the Deputy CISO. The ideal candidate will bring a blend of technical acumen and strategic insight, capable of effectively communicating with stakeholders and guiding team members in alignment with our security culture and business priorities. The candidate will possess a strong background in cybersecurity and risk management, with working knowledge and experience in risk management frameworks such as NIST RMF, FAIR, and OWASP.

Key Responsibilities:

- Lead the comprehensive cyber risk management program including strategy, framework, process, execution, and continuous maturity.
- Conduct security risk assessments to identify potential risks from threats and vulnerabilities within the organization's infrastructure and applications.
- Perform control effectiveness assessment by collaborating with cross-functional teams to understand technical implementations and assess control strength.
- Communicate identified security risks and their potential impact to stakeholders, including technical and non-technical audiences.
- Develop and implement strategies for security risk remediation, ensuring alignment with technical, compliance and business requirements.
- Provide expert guidance on security controls and best practices to cross-functional teams and guide risk mitigation.
- Maintain up-to-date knowledge of industry standards, regulatory requirements, and emerging threats to inform risk assessment and remediation processes.
- Lead the enhancement of the security risk management program, including policies, procedures, and frameworks.
- Track and report on the status of risk remediation efforts, ensuring timely resolution and compliance with organizational policies.
- Develop and present detailed reports on risk assessments, including identified threats, vulnerabilities, and the effectiveness of implemented mitigation measures.
- Demonstrate a process-oriented, results-driven approach to security risk engineering, employing effective problem-solving and communication skills to serve as a subject matter expert and trusted advisor.

We'd love to chat if you have:

- Bachelor's degree in Computer Science, Information Security, or a related field.
- 10+ years of experience in security risk assessment, with a focus on qualitative analysis, or equivalent and relevant security experience.
- Strong technical knowledge of security controls, including but not limited to access controls, encryption, network security, and vulnerability management.
- Demonstrated experience working within a GRC framework, with an understanding of regulatory and compliance requirements (e.g., PCI DSS, SOC).
- Excellent communication skills at all levels, with the ability to articulate complex technical concepts to diverse audiences, including the C-Suite.
- Proven ability to work collaboratively with engineering teams to assess and mitigate security risks.
- Experience with security risk remediation programs, including technical implementation and compliance considerations.
- Strong analytical and problem-solving skills, with attention to detail and accuracy.

Preferred Skills:

- Experience with security assessment tools and methodologies.
- Knowledge of cloud security best practices and technologies (e.g., AWS, Azure, GCP).
- Familiarity with security incident response, vulnerability triaging and threat assessments.
- Strong project management skills with the ability to prioritize tasks and manage multiple projects simultaneously.

Let's talk about benefits

- 100% paid employee health, dental, and vision plans (choose HMO, PPO, or HDHP).
- Life Insurance, Long & Short-term disability coverage.
- Employee Assistance Program (EAP).
- 11+ Observed holidays and wellness days and flexible time off.
- Employee Stock Purchase Program with employee discounts.
- Wellness & Fitness initiatives.
- Employee recognition and referral programs.
- And much more.

We live our culture and values every day

At BILL, we're different by design—it's our culture. Our CEO is a trusted entrepreneur who lives our cultural values: Humble, Authentic, Passionate, Accountable, and Fun. People here love being their authentic selves, contributing unique experiences, sharing ideas, perspectives, and intellectual curiosity.

BILL is proudly an Equal Opportunity Employer where everyone is welcome. Our innovation and technology are inspired by an inclusive culture unlike any other. Everyone brings a different personal story and perspective, and this diverse mix of minds, backgrounds, and experiences is where our greatest ideas come from.