Information Security Lead

About The Role

Allocate is looking for an Info Sec Lead to own and evolve our information security program as we scale. As a fintech company handling sensitive investor data and financial transactions, security and compliance are foundational to everything we do. This role will consolidate security responsibilities currently distributed across our Product and Engineering leadership, allowing them to focus on their core functions while you build out a mature security practice.

• Own and evolve the GRC program in partnership with Legal and our CCO
• Lead all efforts to achieve and maintain critical compliance certifications (SOC 2, potentially ISO 27001)
• Manage external SOC2 audits and coordinate with third-party auditors (currently 4-6 week intensive periods annually)
• Conduct quarterly user access reviews and maintain comprehensive access control documentation
• Lead responses to due diligence questionnaires (DDQs) for information security matters

• Develop, maintain, and enforce clear, practical security policies across all departments
• Work cross-functionally with IT and HR to ensure consistent policy adherence
• Monitor compliance with laptop MDM requirements, 2FA, policy attestations, and security training
• Manage policy updates and communicate changes effectively to the organization
• Review logs, access permissions, and information sharing practices to identify compliance gaps

• Develop and execute a comprehensive information security roadmap aligned with business objectives
• Lead the organization's migration to a Zero Trust security approach
• Drive cultural change around data protection practices across all business units
• Plan for and implement security improvements to support company growth

• Select, implement, and manage endpoint detection and response (EDR) solutions
• Lead rollout of security technologies across all employee devices
• Establish continuous monitoring protocols for endpoint security
• Manage BYOD policies and company device distribution
• Implement virtual office network capabilities for Allocate devices

• Oversee relationship with our managed IT service provider
• Act as a security-focused intermediary for IT requests, ensuring appropriate access controls
• Manage general IT operations, including email, machine compliance, and onboarding/offboarding
• Manage support ticket flow and ensure sensitive information is properly protected
• Evaluate and implement ticket management systems for security-sensitive support requests

• Conduct vendor security reviews, risk assessments, and ongoing monitoring
• Evaluate SaaS tools and API connectors for security implications
• Lead the due diligence evaluation of our vendors
• Manage vendor access and integration security
• Research, evaluate, and select security tools to build a mature, cost-effective security stack

• Develop and execute security awareness training programs for all employees
• Coordinate phishing tests and manage remediation for failing results
• Ensure cyber security and AML training requirements are met for all employees
• Implement training programs for new hires and ongoing education initiatives
• Build a security-conscious culture, especially around PII handling and phishing awareness

• 5+ years of experience in information security, with at least 2 years in a leadership or senior individual contributor role
• Experience in fintech, banking, healthcare, payments, or other highly regulated industries
• Proven track record managing SOC 2 compliance, including audit preparation and evidence gathering
• Deep understanding of GRC frameworks and compliance requirements for fintech companies
• Experience developing and enforcing security policies in a rapidly growing organization
• Strong knowledge of endpoint security, including EDR solutions and mobile device management
• Experience conducting vendor security assessments and managing third-party risk
• Hands‑on experience with security tools and technologies (SIEM, EDR, vulnerability management, etc.)
• Demonstrated ability to…