Earnest
Director of Security
Other, full-time, San Francisco, CA (Remote)
Salary: Not listed
Work type: remote
Job type: full-time
Industry: fintech
About the role
About Earnest
Earnest empowers ambitious professionals to make confident financial decisions and build the life they envision.
Earnies are committed to helping borrowers move forward with confidence by offering smarter borrowing options with a clearer path to taking control of their debt. If you’re as passionate as we are about our mission, read more below, and let’s build something great together.
Role
The Director of Security will report to the Chief Technology Officer.
Key Responsibilities
- Lead and scale the security team: Directly manage, mentor, and grow emerging security leaders and engineers, including a Sr Security Engineer, Security Architect, and your existing team members.
- Define and evolve security strategy: Build and mature a comprehensive security program from an early stage, aligning security initiatives with overall business and product goals.
- Embed security into engineering workflows: Collaborate closely with engineering and product teams to integrate security early in system designs (such as threat and design reviews) and into CI/CD pipelines.
- Govern compliance and third-party risk: Own security architecture, operations, engineering, IT compliance, and third-party risk assessment programs to satisfy regulatory and fintech expectations.
- Act as a risk-management partner: Serve as a pragmatic advisor who assesses risk and provides business-enabling guardrails rather than acting as a strict gatekeeper.
- Communicate across stakeholders: Effectively translate complex security concepts and major risks to non-technical stakeholders, executive leadership, and cross-functional partners.
About You
- Experienced security leader: You have successfully led, mentored, and grown small security teams within highly regulated, growth-stage businesses.
- Public company familiarity: You have likely operated within a public company environment and understand the distinct requirements that come with it.
- Strong communicator & influencer: You possess a strong ability to lead through influence, build alignment, and navigate corporate organizational structures effectively.
- Pragmatic risk balancer: You have a proven track record of understanding business growth needs and balancing risk mitigation with operational speed and employee experience.
- Technical & architectural depth: You understand cloud-native security principles (least privilege, zero trust, segmentation), IAM controls, and practical architectural trade-offs between usability, performance, and security.
Even Better
- Fintech or Insurtech background: You bring direct experience working in growth-stage Fintech or Insurtech companies.
- IPO experience: You have previously guided a security function through the process of a company going public.
- Framework expertise: You possess deep familiarity and hands-on experience with frameworks and regulations such as NIST, CIS, SOX, SOC2, PCI, and CCPA/CPRA.
- DevSecOps exposure: You are familiar with infrastructure-as-code (e.g., Terraform, Ansible) and embedding automated security controls into deployment pipelines.
Location
This role will be based in the US.