Chief Information Security Officer (CISO)

FloatMe•San Antonio, TX

1d•$200,000 - $250,000

About The Position

We’re hiring a Chief Information Security Officer (CISO) to own and elevate our security program at FloatMe. We are looking for someone who can help us as we scale through bank partnerships, pursue SOC2 compliance, and maintain the highest security for our users. As our CISO, you’ll be both a strategic leader and a hands-on practitioner. This role isn’t a purely executive seat — we need someone who can sit in a compliance review one hour and be configuring security tooling the next. You’ll own our security roadmap, our compliance certifications, our partner security reviews, and the day-to-day technical operations that keep our members’ data safe. We’re a small, nimble team, which means this role requires the flexibility to switch gears between tactical execution and strategic planning. This role reports to our SVP, Engineering. If you’re excited to join a fast-moving fintech where you can build something meaningful, we’d love to hear from you!

Requirements

10+ years’ of progressive experience in information security, with at least 2 years in a senior IC or leadership role. Prior CISO title preferable but proximity to CISO activities is sufficient. The key here is that you can both be the thinker and leader we need, but also still feel very comfortable being hands-on.
Demonstrated hands-on experience leading SOC 2 Type I/II audits from scoping through certification.
Practical knowledge of GLBA, PCI DSS, and other financial services compliance requirements.
Direct experience managing bank partner or enterprise security reviews (e.g., SIG, CAIQ, VSA questionnaires).
Proficiency with cloud security (AWS and Cloudflare preferred), including IAM, VPCs, CloudTrail, GuardDuty, or equivalents.
Hands-on experience with penetration testing methodologies or managing third-party pen test engagements.
Strong working knowledge of SIEM, EDR, vulnerability management, and secrets management tooling.
Experience building and running an incident response program, including playbooks and tabletop exercises.
Excellent written and verbal communication skills — you can explain technical risk to non-technical stakeholders.
Experience in fintech, neobank, lending, or another consumer financial services environment strongly preferred.

Nice To Haves

CISSP, CISM, CISA, or equivalent certification are a plus.

Responsibilities

Serve as the primary security point of contact for our bank and fintech partners, completing security questionnaires, third-party risk assessments, and due diligence requests.
Steer the architecture of our Cloud, Device, and Network infrastructure with a mind for security-first designs and plans.
Set the direction for a small number of our staff regarding our infrastructure design, security, integrations and partnerships, and more (IT, Data, and Security).
Own our SOC 2 Type II program end-to-end, including scoping, control design, evidence collection, and auditor management.
Maintain and strengthen our compliance posture across GLBA, PCI DSS, and other applicable financial services regulatory frameworks.
Manage and improve our core security infrastructure: SIEM, EDR, WAF, IAM, secrets management, and vulnerability scanning tools.
Conduct or manage regular penetration testing and vulnerability assessments, and drive remediation to closure.
Lead incident response efforts — including hands-on triage, containment, forensics, post-incident review, and breach notification processes.
Build and run security awareness training and phishing simulations across the company.
Review and negotiate security requirements in partner and vendor contracts.
Partner cross-functionally with Product, Engineering, Finance, and Legal to embed security into everything we build.
Develop and maintain our multi-year security roadmap and report security posture and risk to executive leadership.