Chief Information Security Officer

The Chief Information Security Officer (CISO) is responsible for designing and implementing an information security program at Pushpay. This role involves protecting the company's products, systems, and personnel from both external and internal threats. The CISO will work alongside company executives to establish and enforce policy, assess security risks, and implement mitigation plans. It is a VP/Sr VP level role and requires formal qualifications and considerable application experience in the field of cybersecurity, data privacy, and internal security policy.

• Supervise information security personnel.
• Design, implement, and monitor a company-wide information security program.
• Develop, socialize, approve, and implement procedures, standards, and policies to protect the privacy and integrity of Pushpay products, systems, and data.
• Ensure compliance with regulations and security policies, such as PCI compliance and data privacy regulations.
• Manage the internal PCI program and compliance.
• Identify and maintain compliance with relevant standards and frameworks, such as SOC2, ISO 27001, NIST cybersecurity framework.
• Establish a "Security by Design" practice with product and engineering, including secure coding practices, threat modeling, and response and recovery plans.
• Collaborate with other executive functions to establish policies, assess risk, and implement mitigations.
• Develop and maintain up-to-date information security policies, standards, and guidelines.
• Conduct company-wide training on data privacy and security practices.
• Develop and execute security-related incident response plans and procedures.
• Continuously evaluate overall information security capabilities and needs of the company.
• Develop budget plans for personnel and non-personnel resources.
• Act as the appointed Data Protection Officer for the company.
• Collaborate with internal contacts such as VP and C-Suite staff, IT and Operations leadership, Engineering and product leadership.
• Engage with external contacts such as PCI Auditors, Regulatory agencies, and 3rd party counsel.
• Possess formal qualifications and considerable application experience in the field of cybersecurity, data privacy, and internal security policy.

• Supervise information security personnel
• Design, implement, and monitor a company-wide information security program
• Develop, socialize, approve, and implement procedures, standards, and policies to protect the privacy and integrity of Pushpay products, systems, and data
• Ensure compliance with regulations and security policies, such as PCI compliance and data privacy regulations
• Manage the internal PCI program and compliance
• Identify and maintain compliance with relevant standards and frameworks, such as SOC2, ISO 27001, NIST cybersecurity framework
• Establish a "Security by Design" practice with product and engineering teams
• Work with other executive functions to establish policies, assess risk, and implement mitigations
• Develop and maintain up-to-date information security policies, standards, and guidelines
• Provide company-wide training on data privacy and security practices
• Develop and execute security-related incident response plans and procedures
• Evaluate overall information security capabilities and needs of the company
• Develop budget plans for personnel and non-personnel resources
• Act as the appointed Data Protection Officer for the company
• Formal qualifications and considerable application experience in the field of cybersecurity, data privacy, and internal security policy.

• 100% employer-paid premiums for Medical, Dental, and Vision for employee
• 75%+ employer-paid premiums for Medical, Dental, and Vision for dependents
• 401K match
• Flexible / remote working program
• 12 paid company holidays
• 25 days PTO
• Paid parental and adoption leave
• Compensation Range: $210,000- $270,000
• 10% STI