Director of Security

Jeeves is a groundbreaking financial operating system built for global businesses that provides corporate cards, cross-border payments, and spend management software within one unified platform. The company operates across 20+ countries including Brazil, Canada, Colombia, Mexico, the United Kingdom, across Europe, and the United States, and serves over 5,000 clients ranging from venture-backed startups to SMBs around the world. With a mission to empower businesses with more efficient and cost-effective financial solutions worldwide, Jeeves combines cutting-edge financial technology with exceptional team expertise to transform the business financial landscape. Jeeves has been recognized as one of The Information's 50 Most Promising Startups in 2023, as well as a Y Combinator Top Company 2021-2023 and won “Fintech of the Year" at the European Fintech Awards.

Since graduating from Y Combinator in 2020, Jeeves has successfully raised over $380 million and is backed by top world-class investors including Andreessen Horowitz, Y Combinator, CRV, Tencent, Stanford University, Clocktower Ventures, and founders of more than 15 unicorns including David Velez (Nubank), Carlos Garcia (Kavak) and Sebastián Mejía (Rappi).

We are looking for a visionary and hands-on Director of Information Security to join our dynamic team. Reporting into the CTO, this critical role will be responsible for defining, implementing, and overseeing the company's comprehensive information and cyber security strategy, ensuring the protection of our sensitive data, systems, and client information across all our global markets. You will be a key leader, working closely with executive leadership, engineering, product, and operations teams to embed security into every facet of our business.

Location: This role is based out of São Paulo, Brazil, and is a full-time position where it is required to come into our office at complexo JK Iguatemi (2-3 days/week). #LI-Hybrid

Key Responsibilities::
• Strategic Leadership: Develop, implement, and maintain a robust global information security strategy aligned with business objectives, regulatory requirements (e.g., GDPR, LGPD, NIST, ISO 27001, local financial regulations), and industry best practices. Lead the evolution of our security roadmap, identifying emerging threats, vulnerabilities, and opportunities for improvement. Provide expert guidance and leadership on all aspects of information security to executive management and key stakeholders.
• Security Program Management: Oversee the design, implementation, and continuous improvement of security policies, standards, procedures, and guidelines across the organization. Manage and mature our security awareness and training programs for all employees, fostering a security-conscious culture. Develop and manage the information security budget and resource allocation.
• Risk Management & Compliance: Establish and maintain an enterprise-wide information security risk management framework, conducting regular risk assessments and managing mitigation plans. Ensure compliance with relevant international, regional, and local data privacy and security regulations (e.g., PCI DSS, SOC 2, various financial regulatory requirements in Mexico, Colombia, Brazil, North America, and EMEA). Lead and coordinate external security audits and assessments, facilitating responses to findings and ensuring timely remediation.
• Security Operations & Incident Response: Oversee security operations, including vulnerability management, penetration testing, security monitoring, and incident detection and response. Develop and regularly test the incident response plan, ensuring effective communication, containment, eradication, recovery, and post-incident analysis. Manage and optimize security tools and technologies (SIEM, EDR, WAF, DLP, etc.).
• Architecture & Engineering Security: Collaborate closely with engineering and product teams to integrate security by design principles throughout the software development lifecycle (SDLC) and infrastructure provisioning. Provide security architecture guidance for new and existing systems, applications, and cloud environments (AWS, Azure, GCP).
• Vendor Security Management: Develop and manage the third-party security risk assessment program, ensuring that vendors and partners adhere to our security standards.
• Team Leadership & Development: Build, mentor, and lead a high-performing team of security professionals (if applicable, or set the foundation for building a team). Foster a culture of continuous learning and professional development within the security function.

Qualifications::
• Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred.
• 10+years of progressive experience in information security, with at least 5 years in a leadership or management role, preferably within a B2B SaaS or FinTech environment.
• Proven experience operating in a global organization with a strong understanding of diverse regulatory landscapes across North America, EMEA, and Latin America (Mexico, Colombia, Brazil).
• Strong understanding of financial industry security regulations and compliance frameworks (e.g., PCI DSS, SOC 2, ISO 27001, NIST Cybersecurity Framework, GDPR, LGPD).
• Deep technical expertise across a broad range of security domains, including network security, cloud security (AWS, Azure, GCP), application security, data security, identity and access management, and incident response.
• Experience with various security tools and technologies (SIEM, EDR, WAF, DLP, vulnerability scanners, etc.).
• Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex security concepts to technical and non-technical audiences,3 including executive leadership.
• Strong analytical and problem-solving skills, with a proactive and pragmatic approach to security.
• Relevant industry certifications such as CISSP, CISM, CISA, CSSLP, CCSP are highly desirable.
• Fluency in English required; proficiency in Spanish and/or Portuguese is a significant advantage.