Director of Information Security

Washington, DC

We are ambitious, well-funded, and plan to change a $1 trillion-dollar global industry. This is no ordinary startup. We’ve brought on some of the most passionate, intelligent, and seasoned founding team members on the planet. We are building a product that will innovate business travel, delivering the cost savings that companies demand and a new level of great incentives that business travelers deserve. 


    • You have a Bachelor's or Master's Degree in a relevant field of work or equivalent work experience and one or more security-related certifications, such as CISSP, CEH, CISA, CISM, SECURITY+ or OSCP.
    • You have 8-10 years’ experience in Information Technology and 5+ years’ experience leading and managing team.
    • You possess a diverse technical background in Security and Risk Management combined with significant organizational and industry awareness and knowledge.  As a plus, you have specific experience with threat modeling and risk assessment for web applications and web APIs.
    • You have a conceptual understanding with deep and broad expertise over multiple security subject areas and significant applied experience, especially cloud (AWS) security architecture.  
    • You have demonstrated knowledge on how business enabling technology (e.g. IoT, Nano, A.I.) increases the threat landscape, while understanding how to apply technology (IoT, biometrics, A.I.) to mitigate cyber risk.
    • You have knowledge and understanding of relevant legal and regulatory requirements, such as the Payment Card Industry/Data Security Standard Personally Identifiable Information (PII).
    • You can manage multiple projects while staying current with emerging security technology.


    • Build, lead, manage and support the  team to drive best of breed security with cloud based technologies.
    • Ensure that the security of all systems is actively maintained and hardened against industry, legal and compliance standards.
    • Develops and maintain the overall security architecture, technical security standards/guidelines/procedures for infrastructure and Upside's Secure Software Development Lifecycle (S-SDLC).
    • Collaborate with other business units to build and maintain compliance standards, especially PCI and PII.
    • Managed proof-of-concepts that enable the business to continue to grow while reducing risk and maintain security roadmap.
    • Develop and support Upside's cybersecurity strategy through assessment of appropriate vendor relationships related to information security tools, technology and services.
    • Build and maintain the security incident management program including incident response, recover, communications and forensic investigation.
    • Contribute to the development of the engineering culture including Agile, test driven development and DevOps.

We are positive, passionate, playful, and always pushing to be better. Our team is a hodgepodge of challenge seekers, travel gurus, startup junkies, and data-miners who see the big picture.

We love to ship. We're completely on the CI/CD train, shipping code multiple times a day. We've developed a clustered container environment in AWS using Docker and Kubernetes to manage dozens of microservices written primarily in Node and Go. Our web frontend is written in React/Redux and we're building native iOS and Android apps that take full advantage of the powerful platforms they run on. View our blog at:

·       You are motivated by disrupting the norm.
·       You have a great sense of humor and take your profession seriously, but not yourself.
·       Your entrepreneurial spirit drives your bias for action.
·       You are all about constructive feedback - you can dish it out and you can take it.
·       You thrive in the frenetic energy of a startup.

·       Competitive salary + equity
·       Full health, vision, and dental coverage
·       401K plan
·       Open paid time off
·       Impromptu Nerf gun battles

Upside Travel is an equal opportunity employer and encourages people of all backgrounds, genders, ethnicities, abilities, and sexual orientations to apply. We are committed to being an inclusive place to work, while maintaining a workforce that represents the communities we serve.