Senior Director

About GoodLeap:

GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap’s proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $27 billion in financing for sustainable solutions since 2018.

GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America.

Position Summary

GoodLeap is seeking an experienced and dynamic Senior Director of Information Security to join our team. This role is critical in ensuring the security and integrity of our innovative financial solutions, safeguarding our customers, and maintaining the trust and credibility of our platform. As Senior Director of Information Security, you will lead and mentor a team of security professionals within application security, cloud security, and compliance; collaborate with cross-functional teams, and drive the development and implementation of robust security strategies.

Leadership and Strategy:

Develop and execute a comprehensive information security and application security strategy aligned with GoodLeap’s business goals and regulatory requirements.

Lead, mentor, and grow a high-performing team of security professionals.

Foster a culture of security awareness and best practices across the organization.

Collaborate with executive leadership to prioritize security initiatives and investments.

Security Operations:

Direct the implementation and management of security technologies and tools to protect the organization's assets.

Lead the team to monitor and respond to security incidents, vulnerabilities, and threats in a timely and effective manner.

Ensure regular security assessments, audits, and penetration testing to identify and mitigate risks are conducted.

Ensure compliance with relevant regulatory requirements and industry standards (e.g., GDPR, CCPA, PCI-DSS).

Application Security:

Direct efforts to develop and guide secure coding practices and application security standards.

Collaborate with engineering and product teams to integrate security into the software development lifecycle (SDLC).

Supervise code reviews and security testing used to identify and remediate vulnerabilities.

Direct the security training and awareness programs for developers and other stakeholders.

Cloud Security:

Develop and implement cloud security strategy and roadmap aligned with organizational goals and regulatory requirements.

Direct the design, implementation, and monitoring of cloud security controls to protect cloud environments from threats and vulnerabilities.

Ensure compliance with industry standards (e.g., ISO 27001, NIST) and regulatory requirements related to cloud security.

Oversee of our suite of security tools, including SAST, SCA, DIST, and IIST.

Risk Management:

Lead the identification, assessment, and prioritization of security risks to the organization’s assets and operations.

Develop and implement risk management strategies and mitigation plans.

Create and maintain security policies, procedures, and documentation.

Stay abreast of emerging security threats, trends, and technologies to proactively address potential risks.

Collaboration and Communication:

Partner with cross-functional teams, including IT, legal, compliance, and operations, to ensure cohesive security efforts.

Communicate security risks, strategies, and initiatives to executive leadership

Represent GoodLeap in industry forums, conferences, and working groups related to information security.

Required Skills, Knowledge, and Abilities

• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
• Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.
• Proven track record of leading and managing security teams in a fast-paced, high-growth environment.
• In-depth knowledge of security principles, practices, and technologies, including encryption, authentication, and network security.
• Experience with Cloud Service Providers with an emphasis in AWS, including security configuration and tooling.
• Experience with secure software development practices and application security frameworks (e.g., OWASP).
• Strong understanding of regulatory requirements and industry standards (e.g., GDPR, CCPA, PCI-DSS).
• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication and interpersonal skills, with the ability to influence and collaborate effectively at all levels of the organization.
• Relevant certifications such as CISSP, CISM, or CEH are highly desirable.

Additional Information Regarding Job Duties and Job Descriptions:

Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law.

If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today!