If you're a Security Professional I would think twice
Pros
Some genuinely smart individuals who work here. Modern tools like Rapid7 were being used and there was potential to build something strong if leadership aligned behind a clear plan.
Cons
Day to day security felt reactive instead of strategic. Basic things like access, approvals, and tool enablement often took far longer than they should have. I raised specific issues with clear recommendations, was told they weren’t a priority, and then months later we ended up implementing the same suggestions after problems surfaced. Leadership seemed heavily operations focused but lacked longterm vision for maturing the program. There was difficulty clearly identifying critical assets or agreeing on a maturing roadmap. Framework discussions were dismissed as unnecessary for our size, which was surprising in a regulated financial environment. Communication across teams was inconsistent, priorities shifted frequently, and accountability was limited. It often felt like rework instead of progress. If you’re a security professional who values structured leadership with a clear vision, clear ownership and proactive planning, this environment may be frustrating and I would not recommend it for growth career wise.