Director, Security & Compliance

About Fluxx:

At Fluxx our mission is to be the leading collaborative grantmaking platform in our global communities. We believe in building technology that drives positive impact in our world. Our platform helps foundations and agencies streamline the grantmaking process, making it easier to get funding to those that need it to support their mission. We are driven to help facilitate change through our solutions that automate grantmaking for organizations all over the world. Over the past decade Fluxx has built a boundary-pushing community of 330+ grantmakers who work with more 150,000 nonprofits worldwide who are responsible for transacting $15.7B in investments last year alone!

Fluxx is looking for a dynamic and experienced Director, Security & Compliance to lead and enhance the company's security and compliance initiatives. The key leadership is integral to fostering a culture of security awareness and collaboration across the company ensuring our practices align with the highest industry standards. This role involves leading corporate, product, and infrastructure security initiatives, as well as reviewing information security questionnaires, managing comprehensive security audits, developing policies, and maintaining a culture of security across the organization.

We are looking for people who are curious, tenacious, intellectually honest, and have a bias toward action. We welcome diverse perspectives and encourage you to apply if you think you can bring value to our team––even if your experience doesn't perfectly match the job description.

This is a full time exempt and remote position. Candidates must be located in the United States.

About Fluxx:

At Fluxx our mission is to be the leading collaborative grantmaking platform in our global communities.

We believe in building technology that drives positive impact in our world. Our platform helps foundations and agencies streamline the grantmaking process, making it easier to get funding to those that need it to support their mission. We are driven to help facilitate change through our solutions that automate grantmaking for organizations all over the world. Over the past decade, Fluxx has built a diverse and engaged community of 350+ grantmakers who work with over 150,000 foundations, government agencies and nonprofits worldwide. Through Fluxx, they have issued over $15B in grants in the past year alone."

How you will make an impact/What you will do:

• Security and Compliance Leadership: A systems-thinker who works cross-functionally to foster a culture of security awareness and partnership across the company.
• Policy Development, Implementation, and Audit: Develop, implement, and maintain security policies, procedures, and controls that align with industry standards such as SOC2, StateRAMP (Gov compliance) and GDPR.
• Conduct and coordinate internal and external security audits, risk assessments, and compliance monitoring. Ensure adherence to risk management protocols and respond to information security questionnaires from stakeholders.
• Incident Response and Management: Lead incident response efforts and manage the resolution of security incidents. Maintain and update incident response plans and procedures.
• Regulatory Compliance and Reporting: Ensure compliance with industry regulations such as GDPR, CCPA, and StateRAMP. Regularly report to executive staff and the board on cybersecurity/data privacy plans, progress, and risks.
• IT Partnership and Collaboration: Partner closely with HR and Engineering to integrate IT, security, and compliance best practices into current businesses and operational processes.
• Stakeholder Engagement: Collaborate with IT, Legal, Go-to-Market, Engineering, and other departments to ensure alignment on security and compliance initiatives. Represent the company with external stakeholders (customers, conferences, etc).
• Training and Awareness: Develop and maintain security training and awareness programs for employees.
  
  

What you bring to the team/ About you:

• Bachelor's or Master's degree in Information Security, Computer Science, or a related experience.
• At least 8 years of leadership experience in security and compliance
• Excellent analytical, problem-solving, communication, and project management skills.
• Ability to influence across teams/levels/departments - collaborative superstar!
• Strong understanding of and experience with security frameworks (NIST), cloud security (AWS, Azure, GCP), and privacy controls in an agile software environment.
• Demonstrated ability to integrate security measures in product development and deployment, along with an unwavering integrity and proficiency in technical controls implementation and monitoring
  
  

Salary:

The expected annual base salary for this role is $185,000-$210,000. The successful candidate's starting salary will be determined based on, but not limited to (a) location; (b) individual candidate skills and qualifications; and (c) individual candidate experience.

Fluxx is committed to fair and equitable compensation practices. We take a market-based approach to pay which may vary depending on your location. Locations are categorized into one of three zones based on a cost of labor index for that geographic location and our compensation philosophy.

Benefits:

Fluxx offers the following benefits for the position subject to applicable eligibility requirements: Medical, dental, and vision insurance; Flexible time off; Paid sick leave; 12 weeks of fully-paid parental leave; Annual learning and development stipend; Internet stipend; One-time home office set-up stipend; 401(k) retirement plan with company match. This position is also eligible for incentive stock options, subject to the terms of Fluxx's applicable stock plans.

More About Fluxx:

We are a people-first and inclusive workplace committed to continuous learning. We pride ourselves on having a diverse workforce and we do not discriminate against any employee or applicant because of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law. We respect the gender, gender identity and gender expression of our applicants and employees. It is our policy to comply with all applicable national, state and local laws pertaining to nondiscrimination and equal opportunity.