Earnest empowers ambitious professionals to make confident financial decisions and build the life they envision.

Earnies are committed to helping borrowers move forward with confidence by offering smarter borrowing options with a clearer path to taking control of their debt. If you’re as passionate as we are about our mission, read more below, and let’s build something great together. 

The Director of Security will report to the Chief Technology Officer. 

As the Director of Security, you will:

Lead and scale the security team: Directly manage, mentor, and grow emerging security leaders and engineers, including a Sr Security Engineer, Security Architect, and your existing team members.

Define and evolve security strategy: Build and mature a comprehensive security program from an early stage, aligning security initiatives with overall business and product goals.

Embed security into engineering workflows: Collaborate closely with engineering and product teams to integrate security early in system designs (such as threat and design reviews) and into CI/CD pipelines.

Govern compliance and third-party risk: Own security architecture, operations, engineering, IT compliance, and third-party risk assessment programs to satisfy regulatory and fintech expectations.

Act as a risk-management partner: Serve as a pragmatic advisor who assesses risk and provides business-enabling guardrails rather than acting as a strict gatekeeper.

Communicate across stakeholders: Effectively translate complex security concepts and major risks to non-technical stakeholders, executive leadership, and cross-functional partners.

About You: 

Experienced security leader: You have successfully led, mentored, and grown small security teams within highly-regulated, growth-stage businesses.

Public company familiarity: You have likely operated within a public company environment and understand the distinct requirements that come with it.

Strong communicator & influencer: You possess a strong ability to lead through influence, build alignment, and navigate corporate organizational structures effectively.

Pragmatic risk balancer: You have a proven track record of understanding business growth needs and balancing risk mitigation with operational speed and employee experience.

Technical & architectural depth: You understand cloud-native security principles (least privilege, zero trust, segmentation), IAM controls, and practical architectural trade-offs between usability, performance, and security.

Even Better:

Fintech or Insurtech background: You bring direct experience working in growth-stage Fintech or Insurtech companies (such as Upstart, SoFi, Chime, etc.).

IPO experience: You have previously guided a security function through the process of a company going public.

Framework expertise: You possess deep familiarity and hands-on experience with frameworks and regulations such as NIST, CIS, SOX, SOC2, PCI, and CCPA/CPRA.

DevSecOps exposure: You are familiar with infrastructure-as-code (e.g., Terraform, Ansible) and embedding security automated controls into deployment pipelines.

Where:

• This role will be based in the US.

Compensation: 

A little about our pay philosophy: We take pride in compensating our employees fairly and equitably. We are showcasing a range of your potential base salary based on the roles location. The successful candidate’s starting pay will also be determined based on job-related qualifications, internal compensation, candidate location and budget. This range may be modified in the future.

Salary Range: $240,000 - $300,000 USD. Employees are also eligible for an annual performance-based bonus and equity.

#LI-KB