Allocate · 1 hour ago
Information Security Lead (Remote)
Allocate is a fintech company focused on making investing in private technology alternatives more accessible. They are seeking an InfoSec Lead to own and evolve their information security program, ensuring compliance and security practices are in place as the company scales.
Finance, Financial Services, Impact Investing
Responsibilities
Own and evolve the GRC program in partnership with Legal and our CCO
Lead all efforts to achieve and maintain critical compliance certifications (SOC 2, potentially ISO 27001)
Manage external SOC 2 audits and coordinate with third-party auditors (currently 4-6 week intensive periods annually)
Conduct quarterly user access reviews and maintain comprehensive access control documentation
Lead responses to due diligence questionnaires (DDQs) for information security matters
Develop, maintain, and enforce clear, practical security policies across all departments
Work cross-functionally with IT and HR to ensure consistent policy adherence
Monitor compliance with laptop MDM requirements, 2FA, policy attestations, and security training
Manage policy updates and communicate changes effectively to the organization
Review logs, access permissions, and information sharing practices to identify compliance gaps
Develop and execute a comprehensive information security roadmap aligned with business objectives
Lead the organization's migration to a Zero Trust security approach
Drive cultural change around data protection practices across all business units
Plan for and implement security improvements to support company growth
Select, implement, and manage endpoint detection and response (EDR) solutions
Lead rollout of security technologies across all employee devices
Establish continuous monitoring protocols for endpoint security
Manage BYOD policies and company device distribution
Implement virtual office network capabilities for Allocate devices
Oversee relationship with our managed IT service provider
Act as a security-focused intermediary for IT requests, ensuring appropriate access controls
Manage general IT operations, including email, machine compliance, and onboarding/offboarding
Manage support ticket flow and ensure sensitive information is properly protected
Evaluate and implement ticket management systems for security-sensitive support requests
Conduct vendor security reviews, risk assessments, and ongoing monitoring
Evaluate SaaS tools and API connectors for security implications
Lead the due diligence evaluation of our vendors
Manage vendor access and integration security
Research, evaluate, and select security tools to build a mature, cost-effective security stack
Develop and execute security awareness training programs for all employees
Coordinate phishing tests and manage remediation for failing results
Ensure cyber security and AML training requirements are met for all employees
Implement training programs for new hires and ongoing education initiatives
Build a security-conscious culture, especially around PII handling and phishing awareness
Qualifications
Required
5+ years of experience in information security, with at least 2 years in a leadership or senior individual contributor role
Experience in fintech, banking, healthcare, payments, or other highly regulated industries
Proven track record managing SOC 2 compliance, including audit preparation and evidence gathering
Deep understanding of GRC frameworks and compliance requirements for fintech companies
Experience developing and enforcing security policies in a rapidly growing organization
Strong knowledge of endpoint security, including EDR solutions and mobile device management
Experience conducting vendor security assessments and managing third-party risk
Hands-on experience with security tools and technologies (SIEM, EDR, vulnerability management, etc.)
Demonstrated ability to work cross-functionally with Legal, HR, Engineering, and Product teams
Excellent written and verbal communication skills, with the ability to explain complex security concepts to non-technical stakeholders
Strong project management skills and ability to manage multiple initiatives simultaneously
Experience working with managed IT service providers or in-house IT teams
Ability to travel to our Palo Alto and/or NYC offices on a quarterly basis
Bachelor's degree in Computer Science, Information Security, Cybersecurity, or related field, or equivalent practical experience
Preferred
CISSP, CISM, or similar security certifications
Experience with ISO 27001 certification and maintenance
Familiarity with Zero Trust security architecture principles and implementation
Knowledge of SEC compliance requirements for investment advisers
Experience implementing VPN solutions and network security controls
Familiarity with AWS security services and best practices
Experience with Secureframe or similar GRC platforms
Background in security awareness training program development
Previous experience building out a security team from scratch
An advanced degree or relevant security certifications are a plus
Benefits
Medical
Dental
Vision
401(k)
Responsible time off
Company
Allocate
Allocate provides a private markets platform that enables advisors and family offices to manage tailored investment portfolios.
Funding
Current Stage: Growth Stage
Total Funding: $60.8M
Key Investors: Portage Ventures, M13
2025-09-03 · Series B · $30.5M
2023-09-21 · Series Unknown · $10M
2022-05-04 · Series A · $15.3M
Recent News
Alternative Credit Investor
2026-01-07
Company data provided by Crunchbase