What we're looking for:

We are seeking a Director of Information Security to own our information security strategy and policy. This individual will prioritize a strategic roadmap to mitigate risk against all relevant threat vectors (including application/product security and employee security), monitor the effectiveness of the security program, and interface with regulators and third parties to represent and defend Arcadia’s posture. The ideal candidate is detail-oriented and data-driven, with an excitement for problem-solving and working collaboratively with others in a fast-paced, highly dynamic environment.

This role is based in Washington, D.C., or New York City, NY, though we are open to considering a remote candidate and will report directly to the Head of Engineering. Additionally, this candidate will collaborate frequently with other engineers as well as the Product, Enterprise Solutions, IT, Legal and Regulatory, Operations, and Analytics & Data Science teams.

What you'll do:

• Define and drive Arcadia’s information security roadmap, strategy, tactics, and execution
• Lead and mentor a team of security engineers to implement a comprehensive security program
• Architect programs and processes that evaluate and enhance Arcadia's information security policies through monitoring, remediation, reporting, and auditing
• Partner with Arcadia’s engineering teams during scoping and execution of all roadmap deliverables to ensure that security concerns are treated as first-class product requirements
• Respond appropriately and effectively to security-related incidents and report back to key internal and external stakeholders
• Participate in externally requested security audits from partners
• Lead efforts to periodically review and update information security and privacy policy best practices across the company
• Work with a leading policy team on developing regulatory structures around utility data access and security
• Oversee and coordinate security efforts across the company alongside Engineering, IT, HR, Product, Legal, and more
• Stay up to date with IT/Security industry trends and evaluate new solutions & techniques
• Launch company-wide security initiatives and training

What will help you succeed:

Must-haves:

• 6+ years of prior experience in information security and/or risk management, preferably at a SaaS company
• 3+ years of management experience
• Experience working in a fast-paced, startup environment
• Experience implementing SOC II, GDPR and CCPA compliance
• Skill with collaboration, mentoring, learning from other engineers, and treating colleagues with empathy and respect
• Excellent verbal, written and interpersonal communication skills, including the ability to effectively communicate security and risk-related concepts to individuals with technical and non-technical backgrounds
• Deep knowledge and application of software development and quality assurance methodologies to application and infrastructure delivery
• Proven track record of designing, launching, and driving successful adoption of company-wide security initiatives and programs
• Passion for our mission, sustainability, and helping drive a clean-energy future

Nice-to-haves:

• Professional security management certification such as CISSP, CCISO, CISM, GIAC, and/or other CISA
• Familiarity with AWS (or an equivalent cloud-provider) and the related security best practices

Benefits:

• "Remote first" culture - work anywhere in the US as long as you have a reliable internet connection
• Flexible PTO - no accrued hours and no limit on the number of vacation days exempt employees can take each year
• 17 annual company-wide holidays, including a week-long "summer break"
• 10 days sick leave
• Up to 4 weeks bereavement leave
• 2 volunteer days off
• 2 professional development days off
• 12 weeks paid parental leave for all parents
• 80-95% employer cost coverage for medical, dental, and vision benefits for employees and dependents
• A supportive engineering culture that values diversity, empathy, teamwork, trust, and efficiency

Eliminating carbon footprints, eliminating carbon copies.

Here at Arcadia, we cultivate diversity, celebrate individuality, and believe unique perspectives are key to our collective success in creating a clean energy future. Arcadia is committed to equal employment opportunities regardless of race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, protected veteran status, or any status protected by applicable federal, state, or local law. Please note that we are unable to offer visa sponsorship for this position at this time

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Target Annual Compensation Range for this role will be $165,000 to $295,000. There will also be a competitive benefits and equity (bonus if applicable) component to the package. The exact compensation at which this job is filled will be determined by the skills, experience, and location of the qualified candidate.