ePayPolicy offers easier payment tools, built for insurance. ePayPolicy's products bring insurance payments up to speed for agencies, carriers, MGAs, and PFCs, with secure online payment pages, automated check processing, and payables reconciliation. 6,500 insurance companies trust ePayPolicy and our expert, live support team to handle their payments every day.
We're based in Austin, TX, and have clients in all 50 US states and Canada. Founded in 2014, we have the support and backing of Serent Capital, one of the top private equity firms in the US that invests in high-growth software and services firms and manages over $2B in committed capital.

Job description
As the Head of Information Security, you will play a pivotal role in fortifying our organization's defenses, ensuring the confidentiality, integrity, and availability of our data, and establishing a security-first culture throughout the company. You will lead the development and execution of a comprehensive information security strategy to safeguard our organization's sensitive information, technology assets, and establish increased confidence in our products. Your expertise will be instrumental in identifying, assessing, and mitigating security risks while maintaining compliance with industry regulations and best practices. This role demands strong tactical skills and strategic skills and the ability to foster a culture of security awareness within the company.

In this role, you will:

• Information Security Strategy: Develop and implement a comprehensive information security strategy that aligns with the company's business goals and regulatory requirements.
• Risk Management: Identify, assess, and mitigate security risks across the organization, ensuring the effective management of vulnerabilities and threats.
• Policy and Compliance: Establish and maintain information security policies, standards, procedures, and guidelines to ensure compliance with industry regulations and best practices.
• Security Architecture: Oversee the design, implementation, and maintenance of secure technical architectures, including networks, systems, and applications.
• Incident Response: Develop and lead an incident response plan to promptly address and mitigate security incidents and breaches, minimizing their impact on the company's operations and reputation.
• Security Awareness: Foster a culture of security awareness and best practices among employees, contractors, and partners through training programs and communication initiatives.
• Vendor and Third-Party Risk Management: Evaluate the security posture of third-party vendors and partners and establish processes to manage their security risks effectively.
• Security Monitoring: Implement advanced security monitoring and threat detection systems to identify and respond to potential security breaches in real-time.
• Security Audits and Assessments: Coordinate and oversee regular security assessments and audits to identify weaknesses, monitor compliance, and drive continuous improvement.
• Reporting and Communication: Provide regular updates to the executive leadership and board of directors on the company's security posture, threats, vulnerabilities, and mitigation strategies.
• Corporate IT: Manage and guide the corporate IT function. Including executing a comprehensive information security strategy.
• Budget and Resource Management: Manage the information security budget, allocate resources effectively, and make strategic investments in security tools and technologies.

What you bring:

• Bachelor's or Master's degree in Computer Science, Information Security, or related field (advanced certifications such as CISSP, CISM, or CISA desirable).
• Proven experience (3 years) in information security leadership roles, preferably within the Fintech or financial services sector.
• In-depth knowledge of industry regulations and compliance standards (e.g., GDPR, PCI DSS, etc.).
• Strong understanding of security technologies, including firewalls, intrusion detection/prevention systems, authentication systems, etc along with understanding of the threat landscape and emerging trends.
• Exceptional leadership and people management skills with the ability to mentor and motivate cross-functional security teams.
• Excellent communication skills, including the ability to convey complex technical concepts to non-technical stakeholders.
• Track record of successfully managing security incidents and crisis situations.
• Strategic thinker with the ability to align security initiatives with business objectives.
• Strong problem-solving and decision-making capabilities in high-pressure situations.

Why ePayPolicy

• Competitive salary
• Comprehensive benefits package with employer-paid basic life and disability premiums
• 401K
• Unlimited PTO
• Company-sponsored quarterly "ePayItForward" initiatives
• Supportive and inclusive company culture with a focus on work/life balance
• Fully-stocked kitchen
• Free lunch stipend for those working onsite
• Open communication (We won't box you in! If you have a cool idea for a product improvement or a suggestion on how to improve the customer experience, let's talk about it. We value everyone's ideas and opinions.)
• Huge opportunity for growth

We operate on a hybrid schedule for in-office employees. Standard schedules are three days per week in the office, however, the cadence and days are determined by each team and manager.

ePayPolicy Hiring Practice
We value diversity at ePayPolicy. The company will hire, recruit, and promote without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, pregnancy or maternity, veteran status or any other status protected by applicable law. We understand the importance of creating a safe and comfortable work environment and encourage individualism and authenticity in every member of our team.