Chief Information Security Officer (CISO)

About The Position

Requirements

• 15+ years in Information Security, including 5+ years in a CISO or senior security leadership role in financial services, fintech, or SaaS.
• Bachelor's degree in a relevant field such as computer science, information technology, or cybersecurity,
• Deep expertise in API Security, Cloud Security, Product Security, and Identity/Fraud Detection systems.
• Proven experience implementing FFIEC-aligned compliance frameworks and managing regulatory engagements.
• Hands-on familiarity with AI/ML security, data protection, and DevSecOps practices.
• Strong understanding of financial data privacy, Open Banking standards, and API threat prevention.
• Strategic and execution-focused; able to bridge compliance rigor with agile innovation.
• Strong collaborator with the CTO, CPO, and Engineering leadership to embed trust and security into the product DNA.
• Credible communicator with regulators, boards, and financial institution CISOs.
• Passionate about advancing AI-enabled security and fraud detection as differentiators in digital banking.

Nice To Haves

• Certifications such as CISSP, CISM, CCSP, or CRISC preferred.

Responsibilities

• Security & Compliance Leadership Lead enterprise-wide information security strategy and governance aligned to FFIEC, GLBA, NIST CSF, SOC2, ISO 27001, PCI-DSS, and GDPR. Manage regulatory relationships and ensure audit readiness with customers, regulators, and independent assessors. Define and monitor security risk metrics, dashboards, and board-level reporting. Partner with Legal, Risk, and Compliance teams to maintain proactive adherence to evolving banking and fintech regulations.
• Product, Platform, and API Security Build and mature Secure SDLC practices integrating SAST/DAST, dependency scanning, and threat modeling. Lead a comprehensive API Security program addressing authentication, authorization, token management, rate limiting, payload inspection, and anomaly detection. Secure Open Banking and Fintech APIs, ensuring compliance with data security and privacy standards. Oversee penetration testing and bug bounty programs, emphasizing API and data-layer resilience. Collaborate with Product and Engineering to ensure secure-by-design principles are applied to all services, including microservices deployed in GCP and AWS. Embed fraud detection and identity protection mechanisms — such as device fingerprinting, behavioral analytics, and AI-based anomaly detection — directly into platform and product architectures.
• Identity, Fraud Detection & Trust Oversee the architecture, compliance, and integrity of Candescent’s Identity and Fraud Detection products. Partner with Product and Engineering to enhance fraud prevention models and partner integrations for fraud detection. Establish governance and controls around customer identity data protection, in compliance with privacy frameworks.
• AI Governance & Responsible AI Define and implement AI security and compliance frameworks covering model and AI tooling development, deployment, and monitoring. Partner with Candescent AI Labs to secure AI pipelines and defend against prompt injection, model inversion, and data leakage. Lead Responsible AI initiatives, aligning with regulatory guidance and customer expectations. Serve as an executive sponsor for AI risk management, bridging security, ethics, and compliance.
• Cloud & Infrastructure Security Oversee identity and access management (IAM), encryption, key management (KMS), and Zero Trust Architecture across hybrid environments. Lead incident response, root cause analysis, and business continuity exercises. Collaborate with SRE and Platform teams to strengthen resiliency, observability, and reliability in production systems.
• Fintech Ecosystem & Third-Party Risk Govern security and compliance for fintech integrations, payment networks, and core banking partners. Strengthen and lead a Vendor Risk Management (VRM) and Third-Party Assurance program. Engage directly with customer CISOs, auditors, and regulatory stakeholders to communicate Candescent’s security posture and roadmap. Ensure all third-party integrations meet FFIEC and GLBA security requirements.

Benefits

• Report directly to the CTO and help define security and compliance strategy for a market-leading fintech platform.
• Build and scale AI-driven identity and fraud detection capabilities powering trust across our digital banking ecosystem.
• Lead a modern, API-first, multi-cloud security organization that enables secure innovation at scale.
• Influence the future of AI, security, and compliance in the financial technology industry.