Deputy Chief Information Security Officer

About The Position

Requirements

• 10–15+ years of cybersecurity experience, including 3+ years in a senior leadership or director-level role
• Broad security background across multiple domains, not a single-specialty profile
• Strong application security experience and ability to assess technical risk without needing to be hands-on coding daily
• Experience operating in a startup, scale-up, or similarly resource-constrained environment where prioritization and pragmatism are critical
• Ability to evaluate risk, stack-rank priorities, and focus on the highest-impact security work
• Strong working knowledge of compliance frameworks such as SOC 2, PCI DSS, ISO 27001, GDPR, CCPA, DORA, and ideally FedRAMP
• Experience participating in or leading security incidents
• Strong cloud, SaaS security, IAM, endpoint security, and zero-trust fundamentals
• Familiarity with AI-assisted workflows and emerging AI/ML security risks
• Customer-facing communication skills, with the ability to support sales, security reviews, and executive-level customer conversations
• A collaborative, business-enabling approach to security — someone who helps teams find safe paths forward rather than defaulting to “no”
• Strong leadership presence and ability to build trust with security, engineering, executive, and go-to-market teams
• Must be based in the United States and authorized to work in the US without sponsorship

Nice To Haves

• Experience in fintech, payments, security, bot mitigation, or regulated industries is a plus, but not required

Responsibilities

• Partner with the CISO on Sardine’s overall security strategy, roadmap, priorities, and execution
• Help identify, prioritize, and address the highest-risk areas across the business
• Support security reporting, executive updates, budgeting, vendor evaluation, and planning
• Partner on key compliance initiatives, including PCI, SOC 2, ISO 27001, DORA, and future FedRAMP readiness
• Support incident response and act as a deputy incident lead when needed
• Work closely with Engineering on application security, secure SDLC, vulnerability management, threat modeling, and remediation
• Assess and improve security across cloud infrastructure, SaaS tools, IAM, endpoint management, and corporate IT systems
• Bring strong AppSec fluency, including understanding how code moves from design through production, CI/CD, testing, SAST/DAST, dependency scanning, and secrets management
• Partner with Product and Engineering on security considerations for AI/ML systems, bot mitigation, and abuse prevention
• Support customer-facing security conversations, RFPs, due diligence, security reviews, and executive briefings
• Help build trust with enterprise customers by translating technical security concepts into clear business language
• Partner cross-functionally with Legal, Sales, Engineering, Product, People, and IT
• Champion a pragmatic security culture that enables the business while managing risk

Benefits

• Generous compensation in cash and equity
• Early exercise for all options, including pre-vested
• Work from anywhere: Remote-first Culture
• Flexible paid time off and Year-end break
• Health insurance, dental, and vision coverage for employees and dependents - US and Canada specific
• 4% matching in 401k / RRSP - US and Canada specific
• MacBook Pro delivered to your door
• One-time stipend to set up a home office — desk, chair, screen, etc.
• Monthly meal stipend
• Monthly social meet-up stipend
• Annual health and wellness stipend
• Annual Learning stipend