Director+ Security

 Remote, OR

COVID Update - We are actively hiring for this position and are operating as a fully distributed organization across the United States. We anticipate a future where some Eveners will be in an office again, but many will continue to be remote for their entire tenure. We are building an organization that puts the health and wellbeing of our employees (and their families) first.

The Problem

More than half of American workers live paycheck-to-paycheck. Stuck in this cycle, they collectively lose over $120 billion each year on payday loans, bank overdrafts, and fees. We’re trying to fix that by building new financial services that make it easier to plan ahead, pay down debt, and save. And we’re doing it as a transparent, straightforward business that only profits when our members do. Learn more

The Role

This role focuses on the programmatic and compliance aspects of information security. A successful candidate for this role will help us maintain our SOC 2 and PCI-DSS compliance while expanding our use of standards like the NIST CSF. To qualify, a candidate should have relevant certifications (CISSP, CISM, or similar) and 5 years of experience managing an information security program, ideally in a tech company operating in a regulated space (especially finance or healthcare). Exceptional candidates will bring added depth in quantitative risk management, one or more domains in security engineering, or executive leadership.

What You'll Need:

  • 5 years of experience managing or leading information security functions.
  • Experience managing information security control standards, including SOC2, PCI-DSS, NIST CSF, ISO 27000, or COBIT.
  • Experience working with products or businesses in lending, banking, financial services, or other highly regulated sectors.
  • Exceptional written and verbal communication skills.
  • Bachelor’s degree; relevant certifications (CISSP, CISM, CISA, CCSP), advanced degree, or equivalent experience preferred.

What You'll Do:

  • Maintain policies, processes, and procedures to protect the confidentiality, integrity, and availability of Even’s data and services.
  • Define our overall information security risk exposure and its components. Build and manage systems and programs to continually discover, reassess, and mitigate risks as the business, product, and landscape change.
  • Grow a culture of information security risk awareness and accountability, meeting internal demand for education, training, and mentorship. Grow a team around you and serve as a technical mentor for new-hires.
  • Manage efficient programs to assess and onboard our vendors (TPRM) and to complete diligence processes with our partners as we scale.
  • Partner with the compliance, legal, finance, and other control functions to ensure adherence to applicable regulations, industry standards, and business partner contractual commitments.
  • Partner with Product and Engineering teams to ensure that Even achieves confidentiality, integrity, and availability outcomes for its products and services.
  • Maintain compliance with industry control standards including SOC2.

What You'll Get:

  • Competitive compensation, equity, and healthcare packages.
  • 401(k) with 50% match from Even on up to 6% of your salary.
  • A $5,000 annual educational stipend to invest in your learning and development.
  • A $500 annual stipend to use towards personal financial advice.
  • A $100 monthly stipend for health and wellness expenses.
  • A 5-year exercise window on stock options after 2 years at Even.
  • A flexible vacation policy and a team that understands building a company is a marathon, not a sprint.
  • 12 weeks of paid parental leave.

Even is used by people of all backgrounds, and we believe the best products are built by teams that represent their users. We value unique contributions and actively welcome people of all backgrounds, experiences, and perspectives to join us at Even. We are committed to working with and providing access and reasonable accommodation to applicants with mental and/or physical disabilities. If you think you may require an accommodation for any part of the recruitment process, please send a request to: All requests for accommodations are treated discreetly and confidentially, as practical and permitted by law.