Information Security Risk Management Director
Do the best work of your career as a champion for small and mid-size businesses.
BILL is a leader in financial automation software for small and midsize businesses (SMBs). As a champion of SMBs, we are dedicated to automating the future of finance so businesses can thrive. Hundreds of thousands of businesses trust BILL solutions to manage financial workflows, including payables, receivables, and spend and expense management. With BILL, businesses are connected to a network of millions of members, so they can pay or get paid faster. Through our automated solutions, we help SMBs simplify and control their finances, so they can confidently manage their businesses, and succeed on their terms.
BILL is a trusted partner of leading U.S. financial institutions, accounting firms, and accounting software providers. We have operations in San Jose, CA, Draper, UT, Houston, TX and are continuing to expand into other geographic locations. If you’re looking for a place that helps you do the best work of your career, look no further than BILL.
Make your impact within a rapidly growing Fintech Company
BILL’s Information Security department is searching for an Information Security Risk Management Director to lead the security strategy for our growing Security Risk Management function, reporting to the Deputy CISO. The ideal candidate will bring a blend of technical acumen and strategic insight, capable of effectively communicating with stakeholders and guiding team members in alignment with our security culture and business priorities. The candidate will possess a strong background in cybersecurity and risk management, with working knowledge and experience in risk management frameworks such as NIST RMF, FAIR, and OWASP. Information Security is looking for a strong leader who is capable of working closely with cross-functional engineering teams and leadership to perform comprehensive security risk assessments, communicate identified risks effectively, and ensure timely remediation from a technical perspective, in addition to enhancing the security risk management program capabilities.
Key Responsibilities:
- Lead the comprehensive cyber risk management program including strategy, framework, process, execution, and continuous maturity.
- Conduct security risk assessments to identify potential risks from threats and vulnerabilities within the organization's infrastructure and applications.
- Perform control effectiveness assessment by collaborating with cross-functional teams to understand technical implementations and assess control strength.
- Communicate identified security risks and their potential impact to stakeholders, including technical and non-technical audiences.
- Develop and implement strategies for security risk remediation, ensuring alignment with technical, compliance, and business requirements.
- Provide expert guidance on security controls and best practices to cross-functional teams and guide risk mitigation.
- Maintain up-to-date knowledge of industry standards, regulatory requirements, and emerging threats to inform risk assessment and remediation processes.
- Lead the enhancement of the security risk management program, including policies, procedures, and frameworks.
- Track and report on the status of risk remediation efforts, ensuring timely resolution and compliance with organizational policies.
- Develop and present detailed reports on risk assessments, including identified threats, vulnerabilities, and the effectiveness of implemented mitigation measures. Ensure these reports are understandable to technical and non-technical stakeholders, including senior management.
- Demonstrate a process-oriented, results-driven approach to security risk engineering, employing effective problem-solving and communication skills to serve as a subject matter expert and trusted advisor.
We’d love to chat if you have:
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- 10+ years of experience in security risk assessment, with a focus on qualitative analysis, or equivalent and relevant security experience.
- Strong technical knowledge of security controls, including but not limited to access controls, encryption, network security, and vulnerability management.
- Demonstrated experience working within a GRC framework, with an understanding of regulatory and compliance requirements (e.g., PCI DSS, SOC).
- Excellent communication skills at all levels, with the ability to articulate complex technical concepts to diverse audiences, including C-Suite.
- Proven ability to work collaboratively with engineering teams to assess and mitigate security risks.
- Experience with security risk remediation programs, including technical implementation and compliance considerations.
- Strong analytical and problem-solving skills, with attention to detail and accuracy.
Preferred Skills:
- Experience with security assessment tools and methodologies.
- Knowledge of cloud security best practices and technologies (e.g., AWS, Azure, GCP).
- Familiarity with security incident response, vulnerability triaging, and threat assessments.
- Strong project management skills with the ability to prioritize tasks and manage multiple projects simultaneously.
The estimated salary range for this role is noted below for our San Jose based role. Our ranges for each role and job level are based on a variety of factors including candidate experience, expertise, and geographic location and may vary from the amounts listed below. The role is also eligible for a competitive benefits package that includes: medical, dental, vision, life and disability insurance, 401(k) retirement plan, flexible spending & health savings account, paid holidays, paid time off, and other company benefits.
San Jose pay range: $185,100—$230,900 USD
Let’s talk about benefits
- 100% paid employee health, dental, and vision plans (choose HMO, PPO, or HDHP).
- HSA & FSA accounts.
- Life Insurance, Long & Short-term disability coverage.
- Employee Assistance Program (EAP).
- 11+ observed holidays, wellness days, and flexible time off.
- Employee Stock Purchase Program with employee discounts.
- Wellness & Fitness initiatives.
- Employee recognition and referral programs.
- And much more.
We live our culture and values every day
At BILL, we’re different by design—it's our culture. Our CEO is a trusted entrepreneur who lives our cultural values: Humble, Authentic, Passionate, Accountable, and Fun. People here love being their authentic selves, contributing unique experiences, sharing ideas, perspectives, and intellectual curiosity. We celebrate our diversity as the heart and soul of how we work, grow, and succeed together. Inspiring people with meaningful career experiences they love really does make the dream work and our successes just keep getting better. There’s no limit to what we can build and where we can go from here. We’d love you to join us.
BILL is proudly an Equal Opportunity Employer where everyone is welcome. Our innovation and technology are inspired by an inclusive culture unlike any other. Everyone brings a different personal story and perspective and this diverse mix of minds, backgrounds, and experiences is where our greatest ideas come from. We welcome people of all races, ethnicities, ages, religions, abilities, genders, and sexual orientations to make us an even more vibrant company. We want everyone to bring their authentic selves here, to share our values, shape our vision, drive innovation, and become part of a culture we celebrate every day.
If you require a reasonable accommodation for your application, interviews, or another aspect of the hiring process, please contact interviewaccommodations@hq.bill.com.