Information Security Lead; Remote

About Allocate

We founded Allocate with the simple mission of making investing in top‑tier private alternatives within the technology sector more accessible for a broader set of investors. We believe that the mark of healthy and efficient markets requires the financial inclusion of all qualified market participants. However, despite significant demand, investing in private technology‑focused alternatives is more complex than ever as discovery, investment diligence and selection, access, and deal execution all serve as substantial roadblocks.

With Allocate, investors can find, invest (through Allocate SPV feeders), and track highly vetted opportunities through our turnkey digital platform in a single easy‑to‑use interface.

Allocate is looking for an Info Sec Lead to own and evolve our information security program as we scale. As a fintech company handling sensitive investor data and financial transactions, security and compliance are foundational to everything we do. This role will consolidate security responsibilities currently distributed across our Product and Engineering leadership, allowing them to focus on their core functions while you build out a mature security practice.

You’ll be responsible for policy enforcement, compliance management (SOC
2), vendor security assessments, and developing our security roadmap, including migration to a Zero Trust architecture. You’ll also oversee our relationship with our IT managed service provider and handle some basic IT functions. This is a high‑impact role with both leadership and IC aspects and significant growth potential; the right person could eventually build out and lead an entire Info Sec team here at Allocate.

• Own and evolve the GRC program in partnership with Legal and our CCO
• Lead all efforts to achieve and maintain critical compliance certifications (SOC 2, potentially ISO 27001)
• Manage external SOC2 audits and coordinate with third‑party auditors (currently 4‑6 week intensive periods annually)
• Conduct quarterly user access reviews and maintain comprehensive access control documentation
• Lead responses to due diligence questionnaires (DDQs) for information security matters

• Develop, maintain, and enforce clear, practical security policies across all departments
• Work cross‑functionally with IT and HR to ensure consistent policy adherence
• Monitor compliance with laptop MDM requirements, 2FA, policy attestations, and security training
• Manage policy updates and communicate changes effectively to the organization
• Review logs, access permissions, and information sharing practices to identify compliance gaps

• Develop and execute a comprehensive information security roadmap aligned with business objectives
• Lead the organization’s migration to a Zero Trust security approach
• Drive cultural change around data protection practices across all business units
• Plan for and implement security improvements to support company growth

• Select, implement, and manage endpoint detection and response (EDR) solutions
• Lead rollout of security technologies across all employee devices
• Establish continuous monitoring protocols for endpoint security
• Manage BYOD policies and company device distribution
• Implement virtual office network capabilities for Allocate devices

• Oversee relationship with our managed IT service provider
• Act as a security‑focused intermediary for IT requests, ensuring appropriate access controls
• Manage general IT operations, including email, machine compliance, and onboarding/offboarding
• Manage support ticket flow and ensure sensitive information is properly protected
• Evaluate and implement ticket management systems for security‑sensitive support requests

• Conduct vendor security reviews, risk assessments, and ongoing monitoring
• Evaluate SaaS tools and API connectors for security implications
• Lead the due diligence evaluation of our vendors
• Manage vendor access and integration security
• Research, evaluate, and select security tools to build a mature,…