We are looking for an experienced Director of Information Security to manage and oversee company wide information security strategy, architecture, policies and programs to ensure information assets are protected.


  • Direct and manage the activities and personnel of the information security team focused on product security, security engineering, security operations, incident response, and governance and risk management.
  • Enhance and execute the company-wide global cybersecurity strategy & roadmap
  • Oversee the development, implementation, and maintenance of global security policy, enterprise security standards, guidelines and procedures; develop emergency procedures and incident response protocols; acts as the control point during significant privacy and security incidents.
  • Responsible for global regulatory compliance and lead compliance efforts relating to SOC2, ISO 27002, GDPR, etc.
  • Work with product, engineering & enterprise services teams to mitigate risks, enhance application security and ensure customer data protection.
  • Respond to customer security/compliance questionnaires.
  • Lead and prioritize security initiatives/investments impacting Archipelago's security posture, based on appropriate risk/financial analysis.
  • Serve as an expert advisor to executive leadership in the development, implementation, and maintenance of a strong cybersecurity program and infrastructure, including network access and monitoring policies.
  • Understand potential threats, vulnerabilities, and control techniques. Monitor network of vendors and employees to ensure the safeguarding of information assets.

    Experience and Qualifications

    • Bachelor’s degree and five or more years of experience or an equivalent in a combination of risk management, information security and security engineering roles.
    • Relevant experience working in the SaaS industry with a deep understanding of cybersecurity frameworks such as ISO, NIST, CIS, CSA, etc.
    • Experience with securing AWS deployments
    • Experience with identity management (JumpCloud) and endpoint protection tools (Sophos).
    • Proven experience of preparing and executing for a SOC2 audit.
    • Experience working with enterprise regulated customers.
    • Certified Information System Security Professional (CISSP) or equivalent certification from a recognized professional organization
    • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.

    We have an office in San Francisco, but most of your teammates work remotely from around the world. Pre-existing remote work experience would be a big plus. If you’d like to work remotely, please note that we’re only able to consider applicants based in the US at this time.

    About Archipelago

    Archipelago is a start-up working to revolutionize how risk is insured. Our founders are tech & finance entrepreneurs with several IPOs and acquisitions under their belts. We are headquartered in San Francisco, have raised three rounds of funding to date, and currently employ over 50 people across the US & Europe.