Director, Risk Engineering

Basic Function

​​The Director of Risk Engineering is responsible for developing and leading teams of creators that build risk, security, and privacy capabilities into Lumin Digital’s technology platforms and business processes. This leader owns the design and implementation of scalable technical detective and preventative controls, automation, and cross-functional engineering solutions that manage risk while enabling development velocity, client delivery, satisfaction, and innovation.  In some cases, this involves creating ‘paved roads, bright lines, and guard rails’ that become standard and reusable patterns for other teams within the company to follow.  In others, this function serves the Risk Operations function as one of its customers to deliver the capabilities it needs to detect and defend against threats.  The Director of Risk Engineering will shape the future of how Lumin builds secure-by-default systems and drives measurable improvements in both the ERM function and engineering practices company-wide.

Essential Functions and Responsibilities:

Strategic Leadership

Own the engineering strategy for preventative and detective risk controls, including automation pipelines, telemetry collection, and response mechanisms

Translate strategic goals from the CRO into actionable risk engineering approaches and long-term roadmaps

Lead enterprise engineering initiatives that proactively reduce security and privacy debt, minimize exposure, and increase observability of risk

Continuously assess technology shifts and organizational changes to drive risk adaptations

Technical Oversight

Guide the design and standardization of scalable controls for data protection, identity, secrets management, and infrastructure integrity

Build and maintain infrastructure that supports Risk Operations, including threat detection, log aggregation, alerting, automated remediation, and control monitoring

Serve as a technical stakeholder in architecture reviews, threat modeling sessions, and infrastructure design efforts to ensure security and privacy are embedded early

People & Team Leadership

Lead and grow a team of engineers and managers focused on scaling secure-by-default and private-by-default infrastructures.  Act as the bridge between risk strategy and platform execution by partnering closely with Development and Operations teams.  Develop a high-performance culture focused on clarity, ownership, and continuous improvement to fulfill the company’s values of trust, respect, and boldness.

Collaborate closely with teams within ERM and across Lumin Digital to drive technical alignment and shared goals, tools, and workflows. Champion security-by-design and privacy-by-design (PbD) principles in technical architecture, deployment models, and shared platforms.

Influence peers and leaders to align with business priorities, meaningfully improve risk posture, and remove systemic barriers to security and privacy.

Serve as a credible voice on engineering topics in both functional and cross-functional settings.

Engineering Excellence & Metrics

Use engineering data to identify architectural hotspots, systemic risks, or latent security debt

Define and track relevant engineering metrics, such as time-to-remediate, secure defaults adoption rate, and platform control coverage, to inform leadership of changes in aggregate risk and effectiveness of efforts

Ensure tooling, processes, and workflows are efficient, balanced, and fit for scale in a highly regulated and highly targeted industry

Supervisory Responsibility:

Set clear expectations, offer direction, and ensure alignment with organizational goals while fostering a supportive environment that encourages collaboration, accountability, and growth.

Coach, mentor, and provide training opportunities to build team members’ skills, promote internal growth, and prepare staff for future roles and responsibilities.

Manage hiring, onboarding, performance evaluations, promotions, compensation, and terminations, ensuring fair and consistent application of policies and procedures.

Assess team performance regularly, address gaps, and ensure duties are completed efficiently and effectively in alignment with department and organizational objectives.

Position Specifications

Education: 

Bachelor's degree in Computer Science, Information Assurance, Information Security, Cybersecurity, or related field is required; or equivalent combination of education and leadership experience of high-impact cybersecurity teams.  A master’s degree in business administration, information security management, or engineering management is preferred.

Certifications that demonstrate technical competency in security engineering, software engineering, systems audit, or management, such as the GCSA, GSOM, CISA, or CISM, are strongly preferred.

Experience:

Ten (10) years of professional experience in software engineering, including leadership of multiple technical teams, is required.  Candidates with hands-on software engineering or infrastructure deployment skills that they actively maintain are strongly preferred.

Ten (10) years of professional experience in information security engineering, information security management, or cybersecurity is required.  Previous hands-on technical experience with cybersecurity tools, software engineering, or system administration is strongly preferred.

Demonstrated experience with program management, including contributing to functional strategy, budgeting, capacity planning, and reporting.

Experience with large-scale virtualized or container-based cloud environments required

Experience in high-growth and regulated SaaS fintech environments is strongly preferred

Knowledge, Skills, & Abilities:

Excellent communication and relationship-building skills across technical and business stakeholders, including clients and vendors.

Excellent teamwork skills, including the ability to lead with compassion, command, and confidence under pressure and uncertainty

Expert knowledge of customary business budgetary, planning, review, and reporting processes

Strong capacity planning, resource management, and project management skills to predictably deliver outcomes that address the needs of the company

Excellent presentation delivery skills, including the ability to speak confidently to underlying data and data-driven insights to internal technical and management teams, and, as needed, to technical or management teams inside and outside the company

Ability to read, comprehend, and contextualize technical requirements and specifications accurately.  A Director of Risk Engineering does not delegate technical understanding; they are accountable for it.

Ability to respectfully challenge norms and appropriately question assumptions and approaches to uncover and critically evaluate systematic blind spots, design flaws, or procedural weaknesses

Expert knowledge of common systems hardening approaches, such as STIGs or CIS benchmarks

Strong knowledge of a wide variety of common security concepts, approaches, and technologies to meaningfully contribute to the solutions to complex, undefined problems.  This role is not just administrative.

Calm and serious attitude, technical aptitude, appropriate sense of urgency, and communication skills to effectively coordinate with internal team members to remediate vulnerabilities and reduce risks with technical controls

Must be able to pass requisite background checks to access sensitive information

Must have strong client orientation and demonstrate professional demeanor that earns the trust and respect of individuals inside and outside Lumin Digital

Ability to prioritize tasks, exercise sound judgment, and maintain confidentiality with sensitive information

Ability to work remotely while maintaining a high level of productivity and effectiveness, managing a highly performing team with limited or no supervision

Travel: 

Minimal, generally 12 days or less per year

LIFE AT LUMIN DIGITAL

Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. Lumin is 100% cloud-native, purpose-built to unlock the full advantages of the cloud for financial institutions and their users.

At Lumin, we thrive on curiosity and innovation. Our culture fosters trust - in our expertise and decisions, respect - for diverse perspectives and talents, and boldness - in pursuing innovative paths. These values guide us, shaping a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered. Focused on continuous improvement and innovation, we encourage our team to explore, experiment, and put new ideas into action, challenging the usual way of doing things.

All qualified applicants, including those with arrest or conviction records, will be considered for employment. Any conditional offer will include a notice regarding the review of the candidate’s criminal history as part of the hiring process.

For more information, visit lumindigital.com.