Ponderosa Management LLC

Information Security Risk Management Director @ BILL

Ponderosa Management LLC, San Jose, California, United States, 95199



The AP, AR, and spend & expense solution that lets you create and pay bills, manage expenses, control budgets, and get the credit your business/firm needs to grow.


Do the best work of your career as a champion for small and mid-size businesses.

BILL is a leader in financial automation software for small and midsize businesses (SMBs). As a champion of SMBs, we are dedicated to automating the future of finance so businesses can thrive. Hundreds of thousands of businesses trust BILL solutions to manage financial workflows, including payables, receivables, and spend and expense management. With BILL, businesses are connected to a network of millions of members, so they can pay or get paid faster. Through our automated solutions, we help SMBs simplify and control their finances, so they can confidently manage their businesses, and succeed on their terms.

BILL is a trusted partner of leading U.S. financial institutions, accounting firms, and accounting software providers. We have operations in San Jose, CA, Draper, UT, Houston, TX and are continuing to expand into other geographic locations. If you’re looking for a place that helps you do the best work of your career, look no further than BILL.

Make your impact within a rapidly growing Fintech Company

BILL’s Information Security department is searching for an Information Security Risk Management Director to lead the security strategy for our growing Security Risk Management function, reporting to the Deputy CISO. The ideal candidate will bring a blend of technical acumen and strategic insight, capable of effectively communicating with stakeholders and guiding team members in alignment with our security culture and business priorities. The candidate will possess a strong background in cybersecurity and risk management, with working knowledge and experience in risk management frameworks such as NIST RMF, FAIR, and OWASP. Information Security is looking for a strong leader who is capable of working closely with cross-functional engineering teams and leadership to perform comprehensive security risk assessments, communicate identified risks effectively, and ensure timely remediation from a technical perspective, in addition to enhancing the security risk management program capabilities.

Key Responsibilities:
- Lead the comprehensive cyber risk management program including strategy, framework, process, execution, and continuous maturity.
- Conduct security risk assessments to identify potential risks from threats and vulnerabilities within the organization's infrastructure and applications.
- Perform control effectiveness assessments by collaborating with cross-functional teams to understand technical implementations and assess control strength.
- Communicate identified security risks and their potential impact to stakeholders, including technical and non-technical audiences.
- Develop and implement strategies for security risk remediation, ensuring alignment with technical, compliance and business requirements.
- Provide expert guidance on security controls and best practices to cross-functional teams and guide risk mitigation.
- Maintain up-to-date knowledge of industry standards, regulatory requirements, and emerging threats to inform risk assessment and remediation processes.
- Lead the enhancement of the security risk management program, including policies, procedures, and frameworks.
- Track and report on the status of risk remediation efforts, ensuring timely resolution and compliance with organizational policies.
- Develop and present detailed reports on risk assessments, including identified threats, vulnerabilities, and the effectiveness of implemented mitigation measures. Ensure these reports are understandable to technical and non-technical stakeholders, including senior management.
- Demonstrate a process-oriented, results-driven approach to security risk engineering, employing effective problem-solving and communication skills to serve as a subject matter expert and trusted advisor.

We’d love to chat if you have:
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- 10+ years of experience in security risk assessment, with a focus on qualitative analysis, or equivalent and relevant security experience.
- Strong technical knowledge of security controls, including but not limited to access controls, encryption, network security, and vulnerability management.
- Demonstrated experience working within a GRC framework, with an understanding of regulatory and compliance requirements (e.g., PCI DSS, SOC).
- Excellent communication skills at all levels, with the ability to articulate complex technical concepts to diverse audiences, including C-Suite.
- Proven ability to work collaboratively with engineering teams to assess and mitigate security risks.
- Experience with security risk remediation programs, including technical implementation and compliance considerations.
- Strong analytical and problem-solving skills, with attention to detail and accuracy.

Preferred Skills:
- Experience with security assessment tools and methodologies.
- Knowledge of cloud security best practices and technologies (e.g., AWS, Azure, GCP).
- Familiarity with security incident response, vulnerability triaging and threat assessments.
- Strong project management skills with the ability to prioritize tasks and manage multiple projects simultaneously.

The estimated salary range for this role is noted below for our San Jose based role. Our ranges for each role and job level are based on a variety of factors including candidate experience, expertise, and geographic location and may vary from the amounts listed above. The role is also eligible for a competitive benefits package that includes: medical, dental, vision, life and disability insurance, 401(k) retirement plan, flexible spending & health savings account, paid holidays, paid time off, and other company benefits.

San Jose pay range: $185,100 to $230,900 USD


Let’s talk about benefits:
- 100% paid employee health, dental, and vision plans (choose HMO, PPO, or HDHP)
- HSA & FSA accounts
- Life Insurance, Long & Short-term disability coverage
- Employee Assistance Program (EAP)
- 11+ Observed holidays and wellness days and flexible time off
- Employee Stock Purchase Program with employee discounts
- Wellness & Fitness initiatives
- Employee recognition and referral programs
- And much more

For positions that are in office we support a hybrid work environment with on-site and remote work days. Check out our LinkedIn Life Page for each location and discover BILL.

We live our culture and values every day

At BILL, we’re different by design: it's our culture. Our CEO is a trusted entrepreneur who lives our cultural values: Humble, Authentic, Passionate, Accountable, and Fun. People here love being their authentic selves, contributing unique experiences, sharing ideas, perspectives, and intellectual curiosity. We celebrate our diversity as the heart and soul of how we work, grow, and succeed together. Inspiring people with meaningful career experiences they love really does make the dream work and our successes just keep getting better. There’s no limit to what we can build and where we can go from here. We’d love you to join us.

BILL is proudly an Equal Opportunity Employer where everyone is welcome. Our innovation and technology are inspired by an inclusive culture unlike any other. Everyone brings a different personal story and perspective and this diverse mix of minds, backgrounds, and experiences is where our greatest ideas come from. We welcome people of all races, ethnicities, ages, religions, abilities, genders, and sexual orientations to make us an even more vibrant company. We want everyone to bring their authentic selves here, to share our values, shape our vision, drive innovation, and become part of a culture we celebrate every day.

Our promise to our candidates is to be transparent, diligent, and engaging while guiding individuals through each step of our hiring process. At BILL we strive to achieve an inclusive and positive candidate experience that aligns with our core values and focuses on diversity.

If you require a reasonable accommodation for your application, interviews, or another aspect of the hiring process, please contact interviewaccommodations@hq.bill.com.

BILL Culture:
- Humble - We check our egos at the door. We are curious. We listen, accept feedback.
- Authentic - We earn and show trust by being real, embracing our authentic selves.
- Passionate - We care deeply about each other and our customers.
- Accountable - We are duty-bound to each other, our customers, and society.
- Fun - We wrap it all together by building connections and enjoying time spent together.

Our Applicant Privacy Notice describes how BILL treats the personal information it receives from applicants.
