Director, Cybersecurity


Remote job description

A home is the biggest investment most people make, and yet, it doesn't come with a manual. That's why we're building the only app homeowners need to effortlessly manage their homes ?" knowing what to do, when to do it, and who to hire. With Thumbtack, millions of people care for what matters most, and pros earn billions of dollars through our platform. And as one of the fastest-growing companies in a $600B+ industry ?" we must be doing something right.

We are driven by a common goal and the deep satisfaction that comes from knowing our work supports local economies, helps small businesses grow, and brings homeowners peace of mind. We're seeking people who continually put our purpose first: advocating for pros and customers, embracing change, and choosing teamwork every day.

At Thumbtack, we're creating a new era of home care. If making an impact and the chance to do good inspires you, join us. Imagine what we'll build together.

Thumbtack by the Numbers

  • Available nationwide in every U.S. county
  • 80 million projects started on Thumbtack
  • 10 million 5-star reviews and counting
  • Pros earn billions on our platform
  • 1000+ employees
  • $3.2 billion valuation (June, 2021)

About the Cybersecurity Team

The Cybersecurity team at Thumbtack serves as an internal cybersecurity advisory and auditing body, dedicated to preserving the confidentiality, integrity, and accessibility of information systems, identities, and data assets. Our primary objectives include offering proactive security guidance, establishing and upholding a robust and secure infrastructure, and promoting a culture of security consciousness and adherence across the organization. We are responsible for supervising the implementation and management of all cybersecurity initiatives.

About the Role

The Director of Cybersecurity oversees all aspects of the organization's cybersecurity strategy, including risk management, incident response, compliance, and awareness training. They make quick and effective decisions to address security challenges and provide recommendations to mitigate risks. Collaborating with various departments and external stakeholders, they ensure alignment with organizational goals and regulatory requirements. Ultimately, they foster a culture of security awareness and compliance to protect data and information systems for employees, pros, and customers.


  • Lead and manage the cybersecurity team, including hiring, training, and performance management.
  • Provide strategic direction and guidance on cybersecurity initiatives, ensuring alignment with business objectives.
  • Develop and implement cybersecurity policies, procedures, and standards in alignment with industry best practices and regulatory requirements.
  • Oversee incident response activities, including detection, analysis, containment, eradication, and recovery from cybersecurity incidents.
  • Stay abreast of emerging cyber threats, vulnerabilities, and technologies to continuously improve the organization's security posture.
  • Collaborate with internal stakeholders, including IT, legal, compliance, and business units, to ensure cybersecurity requirements are integrated into business processes.
  • Serve as the primary point of contact for cybersecurity-related inquiries from internal and external stakeholders, including clients, auditors, and regulators.

What you'll need

If you don't think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box, and we're looking for someone excited to join the team.

  • Bachelor's degree in Computer Science, Information Security, or related field. Master's degree preferred.
  • Certified Information Systems Security Professional (CISSP) or equivalent certification.
  • Minimum of 10 years of experience in cybersecurity, with a proven track record of leadership and team management.
  • Strong understanding of cybersecurity and privacy frameworks and standards, including NIST CSF, NIST RMF, ISO27001, SOC 2, PCI DSS.
  • Experience leading incident response activities, including forensics, investigations, and coordination with law enforcement.
  • Deep technical knowledge of cybersecurity technologies, tools, and techniques, including intrusion detection/prevention systems, SIEM, endpoint protection, and encryption.
  • Excellent communication and interpersonal skills, with the ability to effectively communicate cybersecurity risks and recommendations to non-technical stakeholders.

Bonus points if you have

  • Programming knowledge (Golang, Python, PHP, UNIX shell scripting, etc)
  • Understanding of IT and information security principles and best practices (e.g., ITIL, CAN-SPAM, TCPA)

Thumbtack is a virtual-first company, meaning you can live and work from any one of our approved locations across the United States, Canada or the Philippines.* Learn more about our virtual-first working model here.

For candidates living in San Francisco / Bay Area, New York City, or Seattle metros, the expected salary range for the role is currently $300,000 - $350,000. Actual offered salaries will vary and will be based on various factors, such as calibrated job level, qualifications, skills, competencies, and proficiency for the role.

For candidates living in all other US locations, the expected salary range for this role is currently $260,000 - $300,000. Actual offered salaries will vary and will be based on various factors, such as calibrated job level, qualifications, skills, competencies, and proficiency for the role.


Benefits & Perks
  • Virtual-first working model coupled with in-person events
  • 20 company-wide holidays including a week-long end-of-year company shutdown
  • Library (optional use collaboration & connection hub) in San Francisco
  • WiFi reimbursements
  • Cell phone reimbursements (North America)
  • Employee Assistance Program for mental health and well-being

Learn More About Us

Thumbtack embraces diversity. We are proud to be an equal opportunity workplace and do not discriminate on the basis of sex, race, color, age, pregnancy, sexual orientation, gender identity or expression, religion, national origin, ancestry, citizenship, marital status, military or veteran status, genetic information, disability status, or any other characteristic protected by federal, provincial, state, or local law. We also will consider for employment qualified applicants with arrest and conviction records, consistent with applicable law.

Thumbtack is committed to working with and providing reasonable accommodation to individuals with disabilities. If you would like to request a reasonable accommodation for a medical condition or disability during any part of the application process, please contact:

If you are a California resident, please review information regarding your rights under California privacy laws contained in Thumbtack's Privacy policy available at .

Company name: Thumbtack
Remote job title: Director, Cybersecurity
Job tags: SOC 2, PHP, CISSP

Share or copy

Job alerts