Director, Security & Compliance
Forma
About Forma
The employee benefits market is broken. Companies invest millions annually in benefits that employees neither value nor use regularly. Forma, founded in 2017, set out to challenge this one-size-fits-all approach.
Forma's flexible benefits software enables companies to offer competitive packages while reducing costs and inefficiencies. It gives employees more choice and flexibility in spending their benefit allowances. The platform also saves HR professionals countless hours managing and supporting various solutions.
With Forma, companies can choose from a suite of products, including Lifestyle Spending Accounts, Health Spending Accounts, Health Reimbursement Arrangements, Flexible Spending Accounts, and more. These products allow companies to design and deliver customized benefits programs through a single platform. Employees can then spend account funds in three ways: The Forma Store, The Forma Visa Card, or claim reimbursement.
Forma has helped hundreds of renowned companies, including Stripe, Zoom, Lululemon, and Affirm, design inclusive, flexible benefits programs for nearly a million employees. We have a 98% customer retention rate, 75 NPS, and 98 CSAT ratings from members.
Forma is backed by Emergence Capital and Ribbit Capital. It has received numerous awards for its exponential growth and software innovation, and as a "Great Place to Work."
About the Role
As Director, Security & Compliance, you’ll play a critical role in maintaining and improving security across Forma's product. For this leadership role, we are looking for an experienced professional who can operate efficiently and effectively in a growth-stage environment.
Collaboration will be key in leading our security efforts toward our compliance goals. You’ll manage key relationships with Engineering, IT, and executive leadership as we scale within the flexible benefits and reimbursements space.
You Will
Coordinate our response to security challenges and ensure robust business continuity and disaster recovery frameworks are in place.
Evaluate and provide ongoing insights surrounding Forma’s product security risks.
Build an effective strategy for security in a cloud-native environment (Kubernetes, container scanning, WAF policy management, etc.).
Build and lead audit and compliance efforts across data, security, and privacy (SOC2, ISO 27001, GDPR).
Collaborate with other teams (Operations, People, Engineering) to implement and maintain security policies.
Champion proactive compliance initiatives, stepping in to guide complex compliance issues and strategic planning sessions.
Preferred Skills
University degree in Information Systems, Computer Science, or related focus.
Professional certifications such as CISSP, CISM, CRISC, or similar.
Knowledge of security issues with web applications.
6+ years of experience as a people manager; remote management experience is a big plus.
At least 10 years of professional hands-on experience with threat hunting, incident response, forensics, security analysis, security engineering, malware behavioral analysis, and broader system forensics.
Experience implementing comprehensive security compliance programs.
Startup experience in financial, benefits, or SaaS is a plus.
Benefits and Perks
Remote-first working environment
Medical, dental and vision insurance plans
Employee wellness program
One-time home office stipend
401(k) savings plan
Flexible PTO policy
12 weeks Parental Leave + 4 additional weeks for the Birthing Parent
At Forma, we value diversity, and always treat all employees and job applicants based on merit, qualifications, competence, and talent. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Duties and responsibilities may not all be covered in the description, or may change over time at the discretion of Forma. You're encouraged to apply even if your experience doesn't precisely match the job description. Your skills and passion will stand out—and set you apart—especially if your career has taken some extraordinary twists and turns. At Forma, we welcome diverse perspectives and people who think rigorously and aren't afraid to challenge assumptions. Join us!