Director, Security Risk and Resilience

About the team + role

Robinhood’s Security, Privacy and Corporate Engineering organization is seeking an experienced Director of Security Risk Management and Enterprise Resilience to lead our efforts in overseeing security risk management and policy governance, ensuring regulatory compliance, and improving our enterprise resilience. This pivotal leadership role will coordinate our strategic response to security challenges, lead all aspects of policy and exception management, and ensure robust business continuity and disaster recovery frameworks are in place and operationalized. As a key member of the leadership team, this role will provide crucial insights surrounding the company’s security risk posture and reports directly to the CSO.

The role is located in the office location(s) listed on this job description which will align with our in-office working environment. Please connect with your recruiter for more information regarding our in-office philosophy and expectations.

What you’ll do

Security Risk Management:

• Establish and maintain a comprehensive risk management framework, leading from the front in risk assessment activities and mitigation strategy development.
• Be responsible for the handling of high-stakes risk mitigation efforts, ensuring alignment with business objectives.
• Elevate critical risks to the board and senior management, preparing detailed reports and strategic recommendations while leading key discussions.

Regulatory Response & Compliance:

• Lead a team in developing and implementing the organization’s regulatory response strategy, actively participating in critical discussions and reviews to ensure compliance with legal and regulatory standards.
• Facilitate cross-functional collaboration among legal, compliance, and operational teams to adapt to regulatory changes and audits efficiently.
• Champion proactive compliance initiatives, stepping in to guide complex compliance issues and strategic planning sessions.

Policy and Exception Management:

• Direct the creation and enforcement of security policies, actively engaging in the drafting, vetting, and rollout phases to ensure robustness and applicability.
• Supervise the policy exception process, with decision making authority in high-risk or high-impact decisions to lead and mitigate potential threats effectively.
• Cultivate a security-aware culture, providing leadership and direct involvement in training and awareness campaigns.

Enterprise Resilience:

• Lead the development and continuous improvement of business continuity and disaster recovery plans, actively participating in simulations and drills.
• Collaborate closely with various department heads to strengthen the resilience of operational and IT systems, directly troubleshooting and strategizing in critical areas.
• Engage hands-on in the evaluation and enhancement of resilience measures to ensure they meet the evolving needs of the business.

Leadership & Team Management:

• Lead an impactful risk and resilience team, setting clear goals and expectations while actively supporting their professional development and daily challenges.
• Create an environment of shared knowledge and mutual support, stepping in to resolve conflicts and facilitate collaboration.
• Demonstrate leadership through hands-on involvement in critical projects and pivotal initiatives, setting a standard for commitment and excellence.

Board Reporting & Stakeholder Engagement:

• Develop high-impact security presentations for the board, personally driving the creation of content and essential messaging.
• Serve as the primary liaison for security matters with internal and external partners, engaging directly in negotiations and critical communications.
• Lead by example in external engagements, representing the organization in industry forums and regulatory discussions, and forging strong relationships with key partners.

These responsibilities emphasize a balance between strategic leadership and hands-on involvement, ensuring that the Director of Security Risk Management is not only a guiding force but also an active participant in critical activities

What you bring

• A minimum of 10 years of experience in a senior security role with a strong focus on risk management, policy development, and enterprise resilience.
• A minimum of 5 years of experience directly engaging with financial regulatory organizations
• Demonstrated leadership experience with the ability to lead and inspire a team.
• Consistent track record in developing and implementing comprehensive security risk management and governance programs.
• Excellent communication and interpersonal skills, capable of working with executive-level stakeholders and board members.
• Deep understanding of global security regulations, compliance frameworks, and industry standards.
• Professional certifications such as CISSP, CISM, CRISC, or similar.
• Experience in a highly regulated environment and/or public companies.
• Experience with off-the-shelf GRC and program management tools (e.g., Jira)

Our team is committed to providing an inclusive and welcoming interview experience for all candidates. If you require a specific accommodation during the application or interview process due to a physical or mental condition, please complete this Applicant Accommodation Form to notify our team. The form should only be completed if you need a specific accommodation.

We use Covey as part of our hiring and / or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on September 19, 2024.

Please see the independent bias audit report covering our use of Covey here.