Head of Security & IT

Head of Security & IT
Hey there! We are Jump, AI for Financial Advisors. We are growing super fast, have a culture of kindness and ownership, and we’re looking for someone who is absolutely obsessed with security take ownership of it here at Jump.

This is currently a very 70/30 player/coach role where you’ll manage a small security team while helping with the work yourself. Of course, this could change as we grow.

What you’ll do

• Manage a team of security engineers (ranging in skill from IT, GRC, CloudSec & AppSec)

• Provide guidance, training, and tools to developers on secure coding principles, common vulnerabilities, and secure design patterns.

• Analyze, fix, and test vulnerabilities.

• Do code reviews, audit and analyze source code for vulnerabilities.

• Monitor the security industry for new developments.

• Evaluate, recommend, and implement security tools and technologies to improve our application security posture.

• Conduct threat modeling exercises for new and existing applications and systems.

• Ensure systems and processes adhere to relevant security standards, regulations (e.g., ISO 27001, SOC 2, GDPR, HIPAA), and internal policies.

• Implement and manage security controls for cloud environments (e.g., AWS, GCP), including identity and access management (IAM), network security, and data protection.

• Maintain comprehensive documentation for security processes, tools, and configurations.

• SOC 2 Type II report continues to be delivered with zero high‑risk exceptions.

• Mean‑time‑to‑detect (MTTD) < 15 min and mean‑time‑to‑resolve (MTTR) < 2 hrs for priority‑1 security events.

• ≥ 90 % of employees complete annual security training and phishing tests.

• Security is a documented, automated part of CI/CD (build fails on critical vulns).

• Our largest enterprise customers cite security as a strength in renewals.

• Our sales team loves working with you because you kick butt in sales calls and help us close deals.

• Have 5+ years hands‑on security engineering in cloud‑native (AWS/GCP/Azure) product environments.

• Can demonstrate end‑to‑end ownership of at least one compliance framework (SOC 2, ISO 27001, HIPAA, PCI DSS, etc.).

• Are fluent in modern DevSecOps tooling (Terraform, Kubernetes, GitHub Actions, OIDC/OAuth).

• Write code well enough to build internal tooling or fix a critical bug (we use Elixir & Terraform).

• Communicate complex risks in plain language to engineers, execs, and customers.

• Are comfortable being a “team of one” at first and progressively hiring/mentoring teammates.

Nice‑to‑haves: experience with multi‑tenant data isolation, SAML/SCIM integrations, or selling to regulated industries (FinTech, HealthTech, GovTech).

Element Details Base salary (USD) $220 k – $270 k Benefits Health/dental/vision, 401k (no match yet) Time‑off Flexible PTO with manager approval Gear Top‑spec laptop, stipend for home office/security hardware Learning $2,000 annual training/certifications budget

1. 30m interview — Where we can answer your questions about the role

2. Longer interview (60 min) — with CTO

3. Paid Trial — Come work with us for a few days on site. Help with DDQs, go to lunch, etc.

4. 5 reference checks

5. Offer