Director of Information Security

The Company You’ll Join

Carta connects founders, investors, and limited partners through world-class software, purpose-built for everyone in venture capital, private equity and private credit. 

Carta’s fund administration platform supports nearly 7,000 funds and SPVs, representing  $150B in assets under administration in venture capital and private equity. Trusted by more than 40,000 companies, Carta also helps private businesses in over 160 countries manage their cap tables, valuations, taxes, equity programs, compensation, and more.

Together, Carta is creating the end-to-end ERP platform for private markets. Traditional ERP solutions don’t work for Private Funds. Private capital markets need a comprehensive software solution to replace outdated spreadsheets and fragmented service providers. Carta’s software for the Office of the Fund CFO does just that - it’s a new category of software to make private markets look more like public markets - a connected ERP for private capital. 

For more information about our offices and culture, check out our Carta careers page.

The Problems You'll Solve

At Carta, our employees set out on a mission to unlock the power of equity ownership for more people in more places. We believe that the problems we solve today unlock the opportunities of tomorrow.

As a Director of Information Security, you’ll work to mature our operational security capabilities, evolve our threat detection and response program, and drive strategic improvements to our identity architecture and governance. 

Here are some of the problems you’ll help us solve:

• Own, lead, and continuously improve our incident response program, including playbook development, cross-functional readiness, and post-incident reviews, ensuring rapid, effective, and transparent handling of security events.
• Oversee the architecture and continuous improvement of our Zero Trust security strategy, guiding cross-functional implementation across users, devices, and applications.
• Evolve our identity lifecycle and access governance model, ensuring the right access for the right users across cloud infrastructure and business applications.
• Build and operationalize a threat intelligence and threat modeling program that continually assesses our attack surface, informs key security investments, and proactively mitigates future risks.
• Cultivate and evangelize a culture of security across Carta through training, internal communications, and stakeholder engagement, making security a shared responsibility at every level.
• Serve as a strategic partner to Engineering, IT, Legal, and Finance to drive cross-functional security initiatives, reduce technical debt, and implement pragmatic, risk-based and scalable solutions.

The Team You'll Work With

You will be part of a security-minded team that believes in progress over perfection and where both security culture and mindset are key. Our team is rethinking how  security operations can be accomplished in innovative ways. We focus on solving business problems while minimizing and managing risk exposure for Carta.

About You

You will act as a technical leader on security operations to help and empower the team in making technical decisions.   You will work closely with IT, Legal, Compliance, and Engineering to protect Carta.  If you are excited by the idea of developing a scalable, efficient, and business-enabling security program, come join us!

We are looking for candidates who have:

• Proven experience in developing and deploying Zero Trust architectures, including technologies and processes around identity, device trust, access control, and segmentation.
• Strong understanding of modern cloud and network security principles, especially in AWS.
• Experience with enterprise IAM capabilities such as SSO, MFA, privileged access management, and access reviews.
• Operational knowledge of SIEM/SOAR, endpoint protection and management, and threat intelligence platforms.
• Demonstrated ability to lead technical teams, scale processes, and influence change across complex technical environments.
• Excellent communication skills, with the ability to translate risk to non-technical stakeholders and align security initiatives with business objectives.
• 10+ years of experience in information security with deep expertise in security operations.

Salary

Carta’s compensation package includes a market competitive salary, equity for all full time roles, exceptional benefits, and, for applicable roles, commissions plans. Our minimum cash compensation (salary + commission if applicable) range for this role is: 

• $237,000 - $316,000 in San Francisco, CA; Santa Clara, CA
• $225,150 - $300,200 in Seattle, WA

Final offers may vary from the amount listed based on geography, candidate experience and expertise, and other factors.

Disclosures:

• We are an equal opportunity employer and are committed to providing a positive interview experience for every candidate. If accommodations due to a disability or medical condition are needed, please connect with the talent partner via email. 
• Carta uses E-Verify in the United States for employment authorization. See the E-Verify and Department of Justice websites for more details.
• For information on our data privacy policies, see Privacy, CA Candidate Privacy, and Brazil Transparency Report.
• Please note that all official communications from us will come from an @carta.com or @carta-external.com domain. Report any contact from unapproved domains to security@carta.com.