Join a leading fintech company that’s democratizing finance for all.
Robinhood Markets was founded on a simple idea: that our financial markets should be accessible to all. With customers at the heart of our decisions, Robinhood and its subsidiaries and affiliates are lowering barriers and providing greater access to financial information. Together, we are building products and services that help create a financial system everyone can participate in.
With growth as the top priority...
The business is seeking curious, growth-minded thinkers to help shape our vision, structures and systems; playing a key-role as we launch into our ambitious future. If you’re invigorated by our mission, values, and drive to change the world — we’d love to have you apply.
About the team + role
Robinhood’s Security, Privacy and Corporate Engineering organization is seeking an experienced Director of Security Risk Management and Enterprise Resilience to lead our efforts in overseeing security risk management and policy governance, ensuring regulatory compliance, and improving our enterprise resilience. This pivotal leadership role will coordinate our strategic response to security challenges, lead all aspects of policy and exception management, and ensure robust business continuity and disaster recovery frameworks are in place and operationalized. As a key member of the leadership team, this role will provide crucial insights surrounding the company’s security risk posture and reports directly to the CSO.
The role is located in the office location(s) listed on this job description which will align with our in-office working environment. Please connect with your recruiter for more information regarding our in-office philosophy and expectations.
What you’ll do
Security Risk Management:
1. Establish and maintain a comprehensive risk management framework, leading from the front in risk assessment activities and mitigation strategy development.
2. Be responsible for the handling of high-stakes risk mitigation efforts, ensuring alignment with business objectives.
3. Elevate critical risks to the board and senior management, preparing detailed reports and strategic recommendations while leading key discussions.
Regulatory Response & Compliance:
4. Lead a team in developing and implementing the organization’s regulatory response strategy, actively participating in critical discussions and reviews to ensure compliance with legal and regulatory standards.
5. Facilitate cross-functional collaboration among legal, compliance, and operational teams to adapt to regulatory changes and audits efficiently.
6. Champion proactive compliance initiatives, stepping in to guide complex compliance issues and strategic planning sessions.
Policy and Exception Management:
7. Direct the creation and enforcement of security policies, actively engaging in the drafting, vetting, and rollout phases to ensure robustness and applicability.
8. Supervise the policy exception process, with decision making authority in high-risk or high-impact decisions to lead and mitigate potential threats effectively.
9. Cultivate a security-aware culture, providing leadership and direct involvement in training and awareness campaigns.
Enterprise Resilience:
10. Lead the development and continuous improvement of business continuity and disaster recovery plans, actively participating in simulations and drills.
11. Collaborate closely with various department heads to strengthen the resilience of operational and IT systems, directly troubleshooting and strategizing in critical areas.
12. Engage hands-on in the evaluation and enhancement of resilience measures to ensure they meet the evolving needs of the business.
Leadership & Team Management:
13. Lead an impactful risk and resilience team, setting clear goals and expectations while actively supporting their professional development and daily challenges.
14. Create an environment of shared knowledge and mutual support, stepping in to resolve conflicts and facilitate collaboration.
15. Demonstrate leadership through hands-on involvement in critical projects and pivotal initiatives, setting a standard for commitment and excellence.
Board Reporting & Stakeholder Engagement:
16. Develop high-impact security presentations for the board, personally driving the creation of content and essential messaging.
17. Serve as the primary liaison for security matters with internal and external partners, engaging directly in negotiations and critical communications.
18. Lead by example in external engagements, representing the organization in industry forums and regulatory discussions, and forging strong relationships with key partners.
These responsibilities emphasize a balance between strategic leadership and hands-on involvement, ensuring that the Director of Security Risk Management is not only a guiding force but also an active participant in critical activities
What you bring
19. A minimum of 10 years of experience in a senior security role with a strong focus on risk management, policy development, and enterprise resilience.
20. A minimum of 5 years of experience directly engaging with financial regulatory organizations
21. Demonstrated leadership experience with the ability to lead and inspire a team.
22. Consistent track record in developing and implementing comprehensive security risk management and governance programs.
23. Excellent communication and interpersonal skills, capable of working with executive-level stakeholders and board members.
24. Deep understanding of global security regulations, compliance frameworks, and industry standards.
25. Professional certifications such as CISSP, CISM, CRISC, or similar.
26. Experience in a highly regulated environment and/or public companies.
27. Experience with off-the-shelf GRC and program management tools (e.g., Jira)
Click to learn more about available Benefits, which vary by region and Robinhood entity.
We’re looking for more growth-minded and collaborative people to be a part of our journey in democratizing finance for all. If you’re ready to give 100% in helping us achieve our mission—we’d love to have you apply even if you feel unsure about whether you meet every single requirement in this posting. At Robinhood, we're looking for people invigorated by our mission, values, and drive to change the world, not just those who simply check off all the boxes.
Robinhood embraces a diversity of backgrounds and experiences and provides equal opportunity for all applicants and employees. We are dedicated to building a company that represents a variety of backgrounds, perspectives, and skills. We believe that the more inclusive we are, the better our work (and work environment) will be for everyone. Additionally, Robinhood provides reasonable accommodations for candidates on request and respects applicants' privacy rights. Please review the specific applicable to the country where you are applying.