Head of Security


Rocket Lawyer


Hybrid - California / Arizona / North Carolina / Utah / Colorado


As the Head of Security, you will champion and elevate the security standards of Rocket Lawyer. This role requires an individual who can integrate a robust security mindset across all departments, ensuring that every aspect of our operation and product development adheres to the highest security standards. This is a pivotal, player-coach role involving hands-on development of security roadmaps and strategies, managing a team of security professionals, and driving projects to completion, not just identifying risks.


  • Own and continuously improve the security framework of Rocket Lawyer's platform, ensuring alignment with industry best practices and certifications and protection of critical Rocket Lawyer and customer information against cybersecurity threats.
  • Develop and oversee the implementation of detailed security strategies for general operations, AI security, and payments security, including ownership of the respective roadmaps.
  • Lead the security team in achieving and maintaining PCI compliance and other critical security certifications.
  • Establish and maintain secure software development life cycle (SDLC) practices across the product development organization. Transition to a secure agile delivery methodology that supports the strategic goals of the company.
  • Act as a player-coach by directly engaging in the creation of strategies and detailed roadmaps, ensuring their execution and alignment with organizational objectives.
  • Build and nurture relationships with key stakeholders across all departments to ensure integration of security practices.
  • Conduct security control gap analysis, risk assessments, internal penetration tests, and code reviews.
  • Coordinate with external security service providers and support the selection of future security services vendors and suppliers.

Please see complete job description online.


  • Minimum 10 years of experience in Information Security at a consumer-facing online business, with a proven track record of leading security initiatives and protecting critical customer information.
  • Must hold one or more of the following certifications: CISSP, CISM, CRISC, CISA.
  • Strong understanding and practical experience in implementing security frameworks and secure SDLC practices.
  • Experience with Managed Security Services and SOC implementations.
  • Demonstrated ability to manage multiple concurrent projects and deliver results analytically and methodically.
  • Excellent verbal and written communication skills with the ability to write clear technical specifications.


How to Apply:

Apply online




