About GoodLeap:

GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap’s proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $27 billion in financing for sustainable solutions since 2018.

GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America.

Position Summary

GoodLeap is seeking an experienced and dynamic Senior Director of Information Security to join our team. This role is critical in ensuring the security and integrity of our innovative financial solutions, safeguarding our customers, and maintaining the trust and credibility of our platform. As Senior Director of Information Security, you will lead and mentor a team of security professionals within application security, cloud security, and compliance; collaborate with cross-functional teams, and drive the development and implementation of robust security strategies.

Leadership and Strategy:

Develop and execute a comprehensive information security and application security strategy aligned with GoodLeap’s business goals and regulatory requirements.

Lead, mentor, and grow a high-performing team of security professionals.

Foster a culture of security awareness and best practices across the organization.

Collaborate with executive leadership to prioritize security initiatives and investments.

Security Operations:

Direct the implementation and management of security technologies and tools to protect the organization's assets.

Lead the team to monitor and respond to security incidents, vulnerabilities, and threats in a timely and effective manner.

Ensure regular security assessments, audits, and penetration testing to identify and mitigate risks are conducted.

Ensure compliance with relevant regulatory requirements and industry standards (e.g., GDPR, CCPA, PCI-DSS).

Application Security:

Direct efforts to develop and guide secure coding practices and application security standards.

Collaborate with engineering and product teams to integrate security into the software development lifecycle (SDLC).

Supervise code reviews and security testing used to identify and remediate vulnerabilities.

Direct the security training and awareness programs for developers and other stakeholders.

Cloud Security:

Develop and implement cloud security strategy and roadmap aligned with organizational goals and regulatory requirements.

Direct the design, implementation, and monitoring of cloud security controls to protect cloud environments from threats and vulnerabilities.

Ensure compliance with industry standards (e.g., ISO 27001, NIST) and regulatory requirements related to cloud security.

Oversee of our suite of security tools, including SAST, SCA, DIST, and IIST.

Risk Management:

Lead the identification, assessment, and prioritization of security risks to the organization’s assets and operations.

Develop and implement risk management strategies and mitigation plans.

Create and maintain security policies, procedures, and documentation.

Stay abreast of emerging security threats, trends, and technologies to proactively address potential risks.

Collaboration and Communication:

Partner with cross-functional teams, including IT, legal, compliance, and operations, to ensure cohesive security efforts.

Communicate security risks, strategies, and initiatives to executive leadership

Represent GoodLeap in industry forums, conferences, and working groups related to information security.