What are the responsibilities and job description for the Information Security Risk Management Director position at BILL?
Information Security Risk Management Director
Do the best work of your career as a champion for small and mid-size businesses.
BILL is a leader in financial automation software for small and midsize businesses (SMBs). As a champion of SMBs, we are dedicated to automating the future of finance so businesses can thrive. Hundreds of thousands of businesses trust BILL solutions to manage financial workflows, including payables, receivables, and spend and expense management.
Make your impact within a rapidly growing Fintech Company
BILL’s Information Security department is searching for an Information Security Risk Management Director to lead the security strategy for our growing Security Risk Management function, reporting to the Deputy CISO. The ideal candidate will bring a blend of technical acumen and strategic insight, capable of effectively communicating with stakeholders and guiding team members in alignment with our security culture and business priorities. The candidate will possess a strong background in cybersecurity and risk management, with working knowledge and experience in risk management frameworks such as NIST RMF, FAIR, and OWASP.
Key Responsibilities:
- Lead the comprehensive cyber risk management program including strategy, framework, process, execution, and continuous maturity.
- Conduct security risk assessments to identify potential risks from threats and vulnerabilities within the organization's infrastructure and applications.
- Perform control effectiveness assessments by collaborating with cross-functional teams to understand technical implementations and assess control strength.
- Communicate identified security risks and their potential impact to stakeholders, including technical and non-technical audiences.
- Develop and implement strategies for security risk remediation, ensuring alignment with technical, compliance and business requirements.
- Provide expert guidance on security controls and best practices to cross-functional teams and guide risk mitigation.
- Maintain up-to-date knowledge of industry standards, regulatory requirements, and emerging threats to inform risk assessment and remediation processes.
- Lead the enhancement of the security risk management program, including policies, procedures, and frameworks.
- Track and report on the status of risk remediation efforts, ensuring timely resolution and compliance with organizational policies.
- Develop and present detailed reports on risk assessments, including identified threats, vulnerabilities, and the effectiveness of implemented mitigation measures.
- Demonstrate a process-oriented, results-driven approach to security risk engineering, employing effective problem-solving and communication skills to serve as a subject matter expert and trusted advisor.
We’d love to chat if you have:
Preferred Skills:
Let’s talk about benefits
We live our culture and values every day
At BILL, we’re different by design—it's our culture. Our CEO is a trusted entrepreneur who lives our cultural values: Humble, Authentic, Passionate, Accountable, and Fun. People here love being their authentic selves, contributing unique experiences, sharing ideas, perspectives, and intellectual curiosity.
BILL is proudly an Equal Opportunity Employer where everyone is welcome. Our innovation and technology are inspired by an inclusive culture unlike any other. Everyone brings a different personal story and perspective and this diverse mix of minds, backgrounds, and experiences is where our greatest ideas come from.