Director of Information Security

At Nova Credit, our mission is to power a more fair and inclusive financial system for the world. We are on our way to accomplishing this mission by rewiring the financial industry with better credit infrastructure, analytics, and workflows, enabling more people to access credit opportunities. Our cross-border credit product, Credit Passport®, cash flow underwriting product, Cash Atlas™, and income verification product, Income Navigator, are trusted by leading organizations like American Express, Verizon, HSBC, SoFi, Scotiabank, and Yardi to help them reach valuable new applicants from traditionally credit excluded populations. With support from investors Canapi Ventures, Kleiner Perkins, General Catalyst, and Index Ventures, as well as industry veterans from Goldman Sachs, JP Morgan, and Citi, Nova Credit is revolutionizing the way lending is done. We were recently named Forbes' Best Startup Employers 2024 and Fast Company's World's Most Innovative Companies 2024.

Nova Credit offers a dynamic and inclusive work environment where you can meaningfully impact the lives of people historically excluded from the credit system. We value diversity, intellectual honesty, and innovation and are committed to supporting our team members' professional growth and development. If you're passionate about leveraging technology to drive financial inclusion, we want to hear from you!

As Nova Credit’s Director of Information Security, you will be the architect of our global information security vision, strategy, and compliance by shaping the continued growth and maturity of the sector. This includes coordinating internal and external cyber and information security audits and translating compliance requirements into actionable cyber and information security controls. Nova Credit’s information security and compliance needs span regulatory, information security, privacy, and more- so you will work cross-functionally with many stakeholders, including customer success, business development, legal, engineering, marketing, and product, to ensure our obligations are met, and the program matures as the company grows.

This full-time, remote role is based in Canada, reporting directly to Nova Credit’s General Counsel.

WITHIN THE FIRST MONTH YOU'LL:

• Develop a deep understanding of how our products and services work and are regulated.
• Conduct an assessment of our compliance and information security suite, developing ideas for documentation, improvement, and greater efficiencies in managing security incidents, technical risks, and vulnerabilities.
• Familiarize yourself with our control sets, frameworks, and requirements
• Support with IT help desk questions from Novans and customer questionnaires

WITHIN THE FIRST QUARTER YOU'LL:

• Lead the deployment, monitoring, maintenance, development, documentation, and support of high-quality, reliable IT systems and networks- using industry security standards into practical security operations.
• Provide hands-on technical expertise to maintain, configure, install, monitor, and support the Nova Credit team.
• Work closely with our business development and supply teams to coordinate the incoming due diligence, information security, and other regulatory compliance reviews from current and prospective customers and outgoing reviews of data suppliers, including credit bureaus.
• Lead and manage a team of IT security professionals, providing guidance, development, and support to ensure the effective execution of security initiatives.
• Be a key stakeholder in information security, driving critical initiatives to our customers and program maturity.
• Conduct regular risk assessments, audits, and vulnerability tests to identify potential security threats and develop mitigation strategies.

WITHIN THE FIRST YEAR YOU'LL:

• Develop and implement the organization's IT security strategy, policies, and procedures.
• Lead the development of a roadmap to enhance our information security and compliance operations.
• Prepare and present regular reports to leadership on the organization's IT security posture, including insights, recommendations, and metrics.
• Monitor and analyze security incidents, investigate breaches, and implement corrective actions as necessary.
• Develop and implement security awareness programs to educate employees about security best practices and promote a security culture within the organization.
• Work closely with our compliance program management software and auditors to drive continuous improvement of our compliance program.m

Your Skillset:

• Experience: Over 8 years of experience in compliance or information security roles, with a background in financial services, financial technology, startups, consulting, or other relevant fields.
• Program Management: Strong expertise in managing information security programs and risk management. Experience with frameworks such as SOC 2 Type II, ISO 27001, PCI-DSS, and others.
• Certifications: Professional certifications in security management, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent.
• Regulatory Compliance: Proficient in ensuring compliance with regulatory requirements and industry standards, including GDPR, NIST 800-53, NIST Cybersecurity Framework, HIPAA, and ISO 27001.
• Adaptability: Demonstrates an agile, responsive, and positive approach to managing shifting priorities.
• Security Knowledge and Awareness: A deep understanding of security risks, threats, and the latest industry trends and technologies to keep IT security operations current and effective, along with a track record in developing and implementing security awareness programs to educate employees about best practices and foster a strong security culture within the organization.
• Policy Development: Proven experience developing and implementing information security policies and procedures, successfully executing programs that achieve high standards in dynamic environments.
• Communication Skills: Excellent written and verbal communication skills with the ability to effectively convey security and risk-related concepts to both technical and non-technical audiences.
• Problem Solving: An ability to creatively problem solve and find ways to achieve goals with minimal resource use.
• Team Management: Ability to work independently and manage and develop a team.
• Cross-Functional Relationships: Skilled in maintaining strong, positive relationships across different functional areas.
• Mission-Driven: Genuine interest in advancing financial inclusion for underserved consumers.