Director of Information Security

At Nova Credit, our mission is to power a more fair and inclusive financial system for the world. We are on our way to accomplishing this mission by rewiring the financial industry with better credit infrastructure, analytics, and workflows, enabling more people to access credit opportunities. Our cross-border credit product, Credit Passport®, cash flow underwriting product, Cash Atlas, and income verification product, Income Navigator, are trusted by leading organizations like American Express, Verizon, HSBC, SoFi, Scotiabank, and Yardi to help them reach valuable new applicants from traditionally credit excluded populations. With support from investors Canapi Ventures, Kleiner Perkins, General Catalyst, and Index Ventures, as well as industry veterans from Goldman Sachs, JP Morgan, and Citi, Nova Credit is revolutionizing the way lending is done. We were recently named Forbes' Best Startup Employers 2024 and Fast Company's World's Most Innovative Companies 2024.

Nova Credit offers a dynamic and inclusive work environment where you can meaningfully impact the lives of people historically excluded from the credit system. We value diversity, intellectual honesty, and innovation and are committed to supporting our team members' professional growth and development. If you're passionate about leveraging technology to drive financial inclusion, we want to hear from you

As Nova Credit’s Director of Information Security, you will be the architect of our global information security vision, strategy, and compliance by shaping the continued growth and maturity of the sector. This includes coordinating internal and external cyber and information security audits and translating compliance requirements into actionable cyber and information security controls. Nova Credit’s information security and compliance needs span regulatory, information security, privacy, and more
- so you will work cross-functionally with many stakeholders, including customer success, business development, legal, engineering, marketing, and product, to ensure our obligations are met, and the program matures as the company grows.
- This full-time, remote role is based in Canada, reporting directly to Nova Credit’s General Counsel._

**WITHIN THE FIRST MONTH YOU'LL**:

- Develop a deep understanding of how our products and services work and are regulated.
- Conduct an assessment of our compliance and information security suite, developing ideas for documentation, improvement, and greater efficiencies in managing security incidents, technical risks, and vulnerabilities.
- Familiarize yourself with our control sets, frameworks, and requirements
- Support with IT help desk questions from Novans and customer questionnaires

**WITHIN THE FIRST QUARTER YOU'LL**:

- Lead the deployment, monitoring, maintenance, development, documentation, and support of high-quality, reliable IT systems and networks
- using industry security standards into practical security operations.
- Provide hands-on technical expertise to maintain, configure, install, monitor, and support the Nova Credit team.
- Work closely with our business development and supply teams to coordinate the incoming due diligence, information security, and other regulatory compliance reviews from current and prospective customers and outgoing reviews of data suppliers, including credit bureaus.
- Lead and manage a team of IT security professionals, providing guidance, development, and support to ensure the effective execution of security initiatives.
- Be a key stakeholder in information security, driving critical initiatives to our customers and program maturity.
- Conduct regular risk assessments, audits, and vulnerability tests to identify potential security threats and develop mitigation strategies.

**WITHIN THE FIRST YEAR YOU'LL**:

- Develop and implement the organization's IT security strategy, policies, and procedures.
- Lead the development of a roadmap to enhance our information security and compliance operations.
- Prepare and present regular reports to leadership on the organization's IT security posture, including insights, recommendations, and metrics.
- Monitor and analyze security incidents, investigate breaches, and implement corrective actions as necessary.
- Develop and implement security awareness programs to educate employees about security best practices and promote a security culture within the organization.
- Work closely with our compliance program management software and auditors to drive continuous improvement of our compliance program.m

**Your Skillset**:

- **Experience**: Over 8 years of experience in compliance or information security roles, with a background in financial services, financial technology, startups, consulting, or other relevant fields.
- ** Program Management**: Strong expertise in managing information security programs and risk management. Experience with frameworks such as SOC 2 Type II, ISO 27001, PCI-DSS, and others.
- ** Certifications**: P