Listing Description

Who We Are

Ellevest is a fast-growing, venture-backed financial services start-up built by women, for women. Our mission is to get more money in the hands of women, no matter where they’re starting or how far they’ve come. We started by building the only gender-aware online investing platform that takes totally un-ignorable realities (like pay gaps, different salary curves, and women’s longer lifespans) into account. Then we added banking, learning, and money and career coaching services for Ellevest members, plus a full-service private wealth management service that helps high net worth people, families, and institutions align their financial power with their values.

Ellevest was co-founded by Wall Street veteran Sallie Krawcheck after she realized that the financial services industry was built by men, for men, systemically leaving women behind. During her Wall Street days, she served as CEO of Smith Barney, CEO of Merrill Lynch Wealth Management, and CFO of Citi. Ellevest has raised $145 million from investors including Rethink Impact, Pivotal Ventures, Valerie Jarrett, Salesforce Ventures, PayPal Ventures, MasterCard, Khosla Ventures, Morningstar, and Venus Williams.

Diversity, Equity & Inclusion

Ellevest is an equal opportunity employer and we value diversity at our company. Data shows that diverse teams are more innovative, make better decisions, and lead to greater employee engagement. When hiring, we look for culture add, not culture fit. That means hiring people who bring new perspectives and different experiences to our team. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. 

About This Position

As the Head of Security at Ellevest, you will work to design, build, and implement strategies for preventing and managing cybersecurity threats that could impact our clients and the company. You will take responsibility for both tactical response and strategic direction. You will work collaboratively across the larger Ellevest organization to prevent threats and mitigate security challenges. 

From our web and mobile applications to internal systems, the work you will be tasked with in this role is integral to ensuring a best-in-class experience for our clients and also vital to ensuring our infrastructure, databases, and systems are secure. You will bring deep knowledge of methodologies and best practices in the cybersecurity space, and have experience leveraging your knowledge of security risks. You have hands-on management capabilities and knowledge of tools and techniques for building an engaged and proactive team. 

This position reports to the CTO. 

Day-to-day you will:

• Be hands-on in protecting infrastructure and users from cybersecurity threats


• Manage a small team in a player/coach capacity


• Keep leadership informed and aware of the latest threats and security challenges that the company is encountering 


• Be responsible for governance, policies, procedures, and reporting, in both an internal and external capacity


• Analyze information from a variety of sources to proactively identify risks, such as coalescing data from multiple systems and logs to identify suspicious activity


• Manage and lead resources across all risk, privacy, and security programs, including engineering, operations, legal, compliance, application security, incident response, continuous monitoring, responsible disclosure, and vulnerability management


• Identify, mitigate, and prevent attacks with a web application firewall


• Proactively monitor for developing risks and prevent escalation


• Conduct forensic investigation, if needed, or coordinate with a third party

We’re looking for: 

• 12+ years of cybersecurity experience including application, infrastructure, and vendor risk management


• Expert level of understanding and experience of forensics, malware analysis, vulnerability management, and software development cycles


• Proven knowledge of technical infrastructure, networks, databases, operating systems, and threat modeling; and how they affect an organization's cybersecurity risk


• Comfort with AWS and linux security best practices 


• Proven knowledge of security governance, methodologies, policies, standards and best practices


• Experience with public facing consumer finance or payments applications and the associated risks


• Ability to identify OWASP Top 10 issues in application source code, and coaching others to be able to do the same (with or without tooling) 


• Experience with protecting employee devices from threats, such as early identification of misconfigured security software or presence of unapproved software


• Experience with conducting a forensic investigation or coordinating with an external team


• Experience with conducting a penetration test or coordinating with an external team


• Passion for our women-oriented mission

Ellevest's compensation framework is based on relevant data, benchmarking and research for comparable companies and on our internal pay equity policies. The prospective annual salary range for this role is $200,000-250,000. In addition to base salary, Ellevest compensation offering for full-time employees will also include the following benefits: equity, 401k plan with employer contribution, medical, dental and vision health insurance (80% of premiums covered by employer), unlimited paid time off and flexible scheduling, paid parental leave, learning and development opportunities, financial support for accessing reproductive healthcare, free access to Ellevest membership and discounts on Private Wealth Management offering. The actual offer, reflecting the total compensation package and benefits, will be determined by a number of factors including (but not limited to) the applicant's experience, skills, certifications, as well as internal equity among our team. 

Working at Ellevest

Ellevest was founded in New York City, but today, our fully remote team is spread across the whole United States. As a member of the team, you can expect to do work that directly impacts our mission and the lives of real women every day.

We’re also dedicated to building a work environment where everyone on our team can grow and thrive, with flexible working hours and time off; remote work policies designed for transparency and effective cross-team collaboration; ongoing team building and professional development; and more.

Do you think you could thrive in this role?

Please send us your application — even if you don’t check every single box. No two people’s career paths look exactly alike, and skill sets come in many different forms. We can’t wait to hear about yours.

Note: Instead of a cover letter, we ask you to answer the questions at the bottom of this application.