Chief Information Security Officer

Baker Hill Solutions
Carmel, IN
Onsite

About The Position

This role requires an onsite presence in our Carmel, IN office. Candidates must be able to meet this expectation for consideration.

Company Overview: We are a rapidly growing SaaS company in the Fintech industry, dedicated to providing innovative financial solutions to our clients. We are poised for significant growth and are looking for a dynamic and experienced CISO to join our leadership team.

Job Summary: The Chief Information Security Officer (CISO) will be responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO will work closely with the COO / CTO and other members of the IT and Product Development leadership to align security initiatives with business objectives and ensure compliance with regulatory requirements.

Requirements

  • Strong knowledge of compliance regimes including ISO 27001, SOC 2 Type II, and PCI-DSS.
  • Experience with privacy regimes including GDPR and state laws like CCPA.
  • Familiarity with state security regulations such as NYDFS.
  • Ability to navigate and monitor governance published by OCC, Treasury Department, FFIEC, FDIC, and NCUA.
  • Understanding of SDLC and CI/CD, with the ability to integrate security processes within them.
  • Strong knowledge of SaaS and Fintech industry security requirements.
  • Proven experience in developing and implementing security policies and procedures.
  • Excellent understanding of current legislation and regulations relevant to information security and data privacy.
  • Bachelor’s degree in Computer Science, Information Technology, or a related field required; master’s degree preferred.
  • Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.
  • At least 5 years of experience leading a security business function.
  • Strong leadership, communication, and interpersonal skills.
  • Ability to work effectively in a fast-paced, rapidly changing environment.
  • Leading SAFe Agilist (SA) certification required to understand SAFe principles, build an agile mindset, and lead Agile transformation, or the ability to obtain it within the first 90 days of employment.

Nice To Haves

  • Master’s degree preferred.
  • Certifications such as CISSP, CISM, or CISA are highly desirable.

Responsibilities

  • Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
  • Lead the development and implementation of a robust cybersecurity strategy to protect the company’s information assets.
  • Manage the Information Security Management System (ISMS) and Artificial Intelligence Management System (AIMS).
  • Lead monthly Information Security and AI Governance meetings.
  • Assess and manage security risks from vendors, partners, and subprocessors.
  • Conduct annual business continuity and disaster recovery exercises/simulations.
  • Orchestrate phishing simulations and education.
  • Author, maintain and prepare policy documents for external auditors and client due diligence.
  • Ensure compliance with relevant regulations and standards, including SOC 2 Type II control objectives and PCI-DSS.
  • Conduct regular security assessments and audits to identify vulnerabilities and mitigate risks.
  • Lead audits and assessments to ensure ongoing compliance and security improvements.
  • Oversee incident response planning and the investigation of security and operational incidents.
  • Collaborate with the IT department to ensure security is integrated into all system architecture and processes.
  • Provide leadership and guidance to employees, fostering a culture of security awareness across the organization.
  • Develop and deliver security training programs for employees.
  • Stay current with the latest cybersecurity trends, threats, and technology solutions.
  • Respond to client and prospect inquiries regarding assurance and security programs.
  • Use AI responsibly and in alignment with policy, including ongoing learning, and incorporate AI into routine tasks such as drafting communications, summarizing meetings, and organizing information.