Republic is a financial technology firm that allows everyone to invest in private markets. Republic operates several distinct business lines including a retail investment platform, a private capital division, and a blockchain advisory practice. The Republic ecosystem has deployed over $900 million in investments, has supported over 600 companies, and comprises a community of over 1.5M users across 100 countries. Republic is backed by dozens of leading investment firms and financial institutions and its affiliated entities have co-invested with the best names in venture and private equity. Founded in 2016, Republic is headquartered in New York City with offices worldwide.

What you 'll do

We have a fantastic opportunity for an Information Security Officer to join us on a part time/full time basis.
You’ll support the Global Information Security Manager working in a supportive team to assist with providing oversight of all information security, governance, risk and compliance activities and issues for Republic’s EU/US entities.

If you have a passion for promoting InfoSec awareness and GRC standards, complying with ISO 27001 and SOC 2 requirements, while learning new skills, then this could be the ideal opportunity for you!

Key Responsibilities:

Security Strategy & Governance:

• Develop, maintain and improve the company’s information security policies, standards, and procedures.
• Maintain compliance with security frameworks aligned with industry best practices (ISO 27001, NIST, SOC 2).
• Assist with internal and external ISO 27001 and SOC 2 audits.
• Conduct regular risk assessments and security audits to identify vulnerabilities and recommend mitigation strategies.
• Assist with producing monthly reports to executive and senior management detailing the overall security posture and management of Information Security.

Cybersecurity Operations:

• Monitor and respond to security threats, incidents, and breaches in a timely manner.
• Responding to alerts generated by Republic’s SOC team and SIEM/MDR services. While liaising with relevant teams and personnel as part of the investigation.
• Work closely with IT and engineering teams to implement recommended security controls in cloud environments and software development processes.
• Ensure and review the configuration of security tools, including intrusion detection systems, endpoint protection, etc.

Incident Response & Risk Management:

• Maintain and improve the incident response plan, ensuring quick identification and resolution of security incidents.
• Perform post-incident reviews, documentation/logging and recommend improvements to security measures.
• Perform risk assessments and supplier due diligence evaluations.
• Assist with maintaining and updating security related risks within the Risk Register
• Collaborate with legal and compliance teams on regulatory security reporting requirements.
• Manage and conduct security risk assessments to ensure that all information systems comply with Republic’s security requirements

Security Awareness & Training:

• Develop and deliver security awareness training programs and phishing simulations for employees.
• Promote a security-first culture throughout the organization by establishing best practices and regular security updates/articles.
• Ensure company-wide adherence to security policies through ongoing education and training initiatives.

Collaboration & Compliance:

• Work closely with product, engineering, and IT teams to embed security best practices into development and operational workflows.
• Serve as the security liaison with external auditors, regulators, and third-party vendors.
• Respond to client/partner security due diligence questions
• Conduct regular security reviews of company systems and infrastructure.

Our ideal candidate

Musts for us to match:

• 2+ years of experience in information security, risk management, or cybersecurity roles.
• Strong GRC background with knowledge of ISO 27001 requirements
• ISO 27001:2022 Lead Implementer Certification
• CompTIA Security+ Certification

Nice to have:

• Blue Team Level 1 Certification
• ISO 27001:2022 Lead Auditor Certification
• Hands-on experience with security tools, including SIEM/SOC, endpoint protection, MDM, and vulnerability management.
• Experience with cloud security systems (AWS, Azure, or Google Cloud)
• Achieved or working towards CISSP, CISM, or CISA.
• Knowledge of blockchain security and smart contract auditing is a plus.
• Ability to work across global teams to standardize security policies and procedures.

Why Republic?
Republic is a place for innovators and visionaries. We empower employees to build what hasn’t been built before and support opportunities for growth. Our mission to democratize access to investing, capital raising, and community building is pushed forward by every team, from legal to engineering. Republic is a venture-backed company, we most recently closed a $150M Series B funding led by Valor Equity Partners.

A standard offer from Republic includes base compensation, and a highly competitive benefits and perks package. Offers are determined by a number of factors including (but not limited to) the applicant’s experience, skills, certifications, as well as internal equity among our team.