Director, Fraud Incident Response

Why Join Q2?

Q2 is a leading provider of digital banking and lending solutions to banks, credit unions, alternative finance companies, and fintechs in the U.S. and internationally. Our mission is simple: build strong and diverse communities through innovative financial technology—and we do that by empowering our people to help create success for our customers.

What Makes Q2 Special?

The Job At-A-Glance: As the Director of Fraud Incident Response, you will be responsible for overseeing the security of our financial software products from design to deployment. You will provide strategic leadership and direction for a team of security professionals, ensuring security standards and practices are embedded throughout the entire product development lifecycle. This role requires a mix of deep technical expertise, a solid understanding of security architecture, and strong leadership skills to guide teams through complex security challenges.

A Typical Day:

Security Architecture & Strategy:

• Design and implement security frameworks and solutions to safeguard our financial software products.

• Lead the security strategy for product development, ensuring alignment with industry best practices, regulatory compliance (e.g., GDPR, PCI-DSS), and organizational security goals.

• Build scalable security solutions for cloud-based environments (AWS, Azure, Google Cloud, etc.) and ensure integration into the development pipeline.

Leadership & Team Development:

• Lead, mentor, and develop a high-performing team of security engineers, analysts, and architects.

• Foster a collaborative environment and maintain a culture of security awareness across cross-functional teams including product development, engineering, and operations.

• Provide guidance and direction for the team to develop skills in emerging security threats, technologies, and practices.

Cloud Security:

• Oversee the implementation of cloud-native security best practices and secure cloud infrastructure in multi-cloud environments.

• Develop and enforce cloud security policies, identity and access management (IAM), vulnerability management, and threat detection systems in large cloud platforms.

• Security Risk Management & Incident Response:

• Identify and mitigate risks related to product security and ensure proactive security measures are in place.

• Lead incident response planning and drive root cause analysis of security breaches or vulnerabilities. Develop and maintain a comprehensive security incident response plan for products and cloud environments.

Collaboration & Stakeholder Engagement:

• Partner with product, engineering, and operations leadership to ensure that security considerations are part of product roadmaps and release cycles.

• Collaborate with other senior leaders in engineering, IT, and compliance to ensure unified approaches to product security across the company.

• Continuous Improvement & Innovation:

• Stay up-to-date with the latest developments in cybersecurity threats, industry trends, and emerging technologies to proactively address future security needs.

• Recommend improvements in processes and tools to increase the overall security posture and efficiency of the product development lifecycle.

Here's what we're looking for:

• Typically requires a Bachelor’s degree in cyber security or computer science and a minimum of 12 years of related experience; or an advanced degree with 8+ years of experience; or equivalent relevant work experience. 

• Typically requires 5-7 years managing and developing employees.

• Strong experience with security in large cloud environments (AWS, Azure, Google Cloud, etc.) and cloud security architecture.

• Proven experience in designing and implementing secure software architecture and understanding of secure software development lifecycle (SDLC).

• Hands-on experience with modern threat detection, vulnerability management, and cloud-native security tools.

Technical Skills:

• Expertise in security frameworks (e.g., NIST, ISO 27001, OWASP Top 10).

• Strong knowledge of encryption, identity and access management (IAM), and secure coding practices.

• Proficiency in cloud platforms (AWS, Azure, Google Cloud) and securing cloud-native applications, APIs, and microservices.

• Familiarity with container security, DevSecOps practices, and automation of security controls.

Leadership:

• Strong people leadership skills, with experience managing, mentoring, and developing high-performing teams.

• Excellent communication skills with the ability to explain complex security concepts to non-technical stakeholders.

• Strategic thinker with a proven track record of driving security initiatives in large-scale organizations.

#LI-ET1

This position requires fluent written and oral communication in English.

Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

Health & Wellness

• Hybrid Work Opportunities

• Flexible Time Off 

• Career Development & Mentoring Programs 

• Health & Wellness Benefits, including competitive health insurance offerings and generous paid parental leave for eligible new parents 

• Community Volunteering & Company Philanthropy Programs 

• Employee Peer Recognition Programs – “You Earned it”

Click here to find out more about the benefits we offer.

Our Culture & Commitment:

We’re proud to foster a supportive, inclusive environment where career growth, collaboration, and wellness are prioritized. And our benefits go beyond healthcare—offering resources for physical, mental, and professional well-being. Click here to find out more about the benefits we offer. Q2 employees are encouraged to give back through volunteer work and nonprofit support through our Spark Program (see more). We believe in making an impact—in the industry and in the community.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, or veteran status.

Applicants in California or Washington State may not be exempt from federal and state overtime requirements