Director of Cyber Threat Intelligence

Employee Applicant Privacy Notice

Who we are:

Shape a brighter financial future with us.

Together with our members, we’re changing the way people think about and interact with personal finance.

We’re a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.

Role Overview

The Director of Cyber Threat Intelligence is responsible for leading the development and execution of a financial institution's cyber threat intelligence program. This role involves acting as the key point of contact for cyber intelligence issues, anticipating future security needs, and managing multi-disciplinary teams of technical and contextual analysts to protect the organization, its employees, and its members from cyber threats. This position serves as a cross functional glue that enables security to integrate closely with stakeholders across the business through threat informed decision making based off of intelligence and data driven analyses.This role acts as a crucial, cross-functional link, enabling the security team to seamlessly integrate with business stakeholders. This is achieved through data-driven analyses and intelligence that allow decision making to be threat informed.

Key Responsibilities

Program Leadership & Strategy

• Develop the CTI Program: Lead the creation and maturation of a comprehensive threat intelligence program tailored specifically to the financial services industry, ensuring it aligns with business requirements and regulatory environments.

• Team Management: Oversee, train, and mentor a team of threat intelligence engineers and analysts, fostering a culture of continuous learning. This includes managing personnel actions, budgets, and operational projects.

• Strategic Direction: Clearly define program roadmap through gap analysis, provide thought leadership to improve awareness across the organization, and act as a strategic advisor to management and steering committees.

Intelligence Collection & Analysis

• Threat Intelligence Platform: Deploy and maintain a threat intelligence platform responsible for the intake, structuring, and distribution of threat intelligence to relevant teams.

• Data Ingestion & Aggregation: Manage the engineering processes for ingesting threat intelligence data from commercial, open-source, and internal resources.

• Threat Monitoring & Research: Continuously monitor the threat landscape to identify emerging threats, vulnerabilities, and the macroeconomic interests of attackers.

• Requirements Management: Lead collection strategies focusing on Priority Intelligence Requirements (PIR) and Strategic Intelligence Requirements (SIR), identifying intelligence gaps and developing plans to mitigate risks.

• Data Analysis: Conduct qualitative and quantitative analysis of large datasets and multiple data sources to assess potential risks to the organization's international operations and assets.

Reporting & Dissemination

• Product Review: Draft, review, and edit intelligence products and briefings from multiple sources.

• Stakeholder Communication: Present complex technical data and risk assessments in clear, non-technical terms to diverse audiences, including senior executives and incident response teams.

• Documentation: Write and revise policies, standards, guidelines, and procedures related to cyber risk and intelligence.

Cross-Functional & External Collaboration

• Internal Partnership: Work closely with security operations, IT, Legal, Fraud Risk, and other stakeholders to integrate intelligence into enterprise workflows and address control gaps.

• External Networking: Collaborate with external partners, industry forums, and government agencies to share intelligence and enhance the bank's capabilities.

Required Qualifications and Skills

• 7+ years of experience in cybersecurity, threat intelligence, operations, or risk management.

• Bachelor’s or advanced degree in Cybersecurity, Computer Science, or a related field.

• Demonstrated ability to lead teams effectively within a dynamic operational setting.

• Proven experience in deploying and maintaining Threat Intelligence Platforms (TIP) and open-source intelligence (OSINT) tools.

• Candidates must demonstrate a proven track record in engineering robust and scalable cybersecurity or threat intelligence solutions. This includes developing tools, integrating services, and building platforms specifically for areas such as threat detection, hunting, and vulnerability management, or related disciplines..

• In-depth knowledge of cyber threats, attack methodologies (such as the MITRE ATT&CK framework or the cyber kill chain), and vulnerabilities relevant to financial networks.

• Familiarity with Security Information and Event Management (SIEM), SOAR tools, dissemination of intelligence through automation to security controls.

• Exceptional written and verbal communication and presentation skills, capable of negotiating and influencing stakeholders at a senior level.

• Strong critical reasoning, problem-solving, and project management abilities.

• Ability to remain calm under pressure, handle multiple conflicting tasks, and maintain strict confidentiality regarding sensitive intelligence.

• Experience integrating artificial intelligence or machine learning capabilities into cybersecurity or threat intelligence workflows, such as automation of threat analysis, detection enrichment, or large-scale data analysis.

Compensation and Benefits

The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location.

To view all of our comprehensive and competitive benefits, visit our Benefits at SoFi page!

SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.

The Company hires the best qualified candidate for the job, without regard to protected characteristics.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

New York applicants: Notice of Employee Rights

SoFi is committed to an inclusive culture. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email [email protected].

Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.

Internal Employees

If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.