Director, Security & Compliance



United States
Posted on Friday, June 21, 2024

About Forma

The employee benefits market is broken. Companies invest millions annually in benefits that employees neither value nor use regularly. Forma, founded in 2017, set out to challenge this one-size-fits-all approach.

Forma's flexible benefits software enables companies to offer competitive packages while reducing costs and inefficiencies. It gives employees more choice and flexibility in spending their benefit allowances. The platform also saves HR professionals countless hours managing and supporting various solutions.

With Forma, companies can choose from a suite of products, including Lifestyle Spending Accounts, Health Spending Accounts, Health Reimbursement Arrangements, Flexible Spending Accounts, and more. These products allow companies to design and deliver customized benefits programs through a single platform. Employees can then spend account funds in three ways: The Forma Store, The Forma Visa Card, or claim reimbursement.

Forma has helped hundreds of renowned companies, including Stripe, Zoom, Lululemon, and Affirm, design inclusive, flexible benefits programs for nearly a million employees. We have a 98% customer retention rate, 75 NPS, and 98 CSAT ratings from members.

Forma is backed by Emergence Capital and Ribbit Capital. It has received numerous awards for its exponential growth, software innovation, and as a "Great Place to Work."

About the Role

As Director, Security & Compliance, you’ll play a critical role in maintaining and improving security across Forma's product. For this leadership role, we are looking for an experienced professional who can operate efficiently and effectively in a growth-stage environment.

Collaboration will be key in leading our security efforts toward our compliance goals. You’ll manage key relationships with Engineering, IT, and executive leadership as we scale within the flexible benefits and reimbursements space.

You Will

  • Coordinate our response to security challenges and ensure robust business continuity and disaster recovery frameworks are in place.

  • Evaluate and provide ongoing insights surrounding Forma’s product security risks.

  • Build an effective strategy for security in a cloud native environment (Kubernetes, container scanning, managing WAF policies, etc.).

  • Build and lead audit / compliance efforts across data, security and privacy (SOC2, ISO 27001, GDPR).

  • Collaborate with other teams (Operations, People, Engineering) to implement and maintain security policies.

  • Champion proactive compliance initiatives, stepping in to guide complex compliance issues and strategic planning sessions.

Preferred Skills

  • University degree in Information Systems, Computer Science, or related focus.

  • Professional certifications such as CISSP, CISM, CRISC, or similar.

  • Knowledge of security issues with web applications.

  • 6+ years of experience as a people manager; remote management experience is a big plus.

  • At least 10 years of professional hands-on experience with threat hunting, incident response, forensics, security analysis, security engineering, malware behavioral analysis, and broader system forensics.

  • Experience implementing comprehensive security compliance programs.

  • Startup experience in financial, benefits, or SaaS is a plus.

Benefits and Perks

  • Remote-first working environment

  • Medical, dental and vision insurance plans

  • Employee wellness program

  • One-time home office stipend

  • 401(k) savings plan

  • Flexible PTO policy

  • 12 weeks Parental Leave + 4 additional weeks for the Birthing Parent

At Forma, we value diversity, and always treat all employees and job applicants based on merit, qualifications, competence, and talent. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Duties and responsibilities may not all be covered in the description, or may change over time at the discretion of Forma. You're encouraged to apply even if your experience doesn't precisely match the job description. Your skills and passion will stand out—and set you apart—especially if your career has taken some extraordinary twists and turns. At Forma, we welcome diverse perspectives, and people who think rigorously / aren't afraid to challenge assumptions. Join us!