Director of Information Security and Technical Operations

Foundation Finance Company, LLC | Rothschild, WI
18d | $170,000 - $200,000

About The Position

The Director of Information Security and Technical Operations is responsible for the strategy, implementation and day-to-day management of the Company’s information security program and core technology operations, including infrastructure, network administration and shared technology services. This role is critical for a regulated financial institution and ensures the Company meets and maintains FTC, NYDFS, SOC 2, NIST, and other applicable regulatory and industry standards.

Requirements

  • Bachelor’s degree in computer science, engineering, business or similar relevant field; master’s degree preferred.
  • At least 4 years in a senior leadership role (Director, Senior Director, Head of Security, CISO, or similar) in a cloud-centric or SaaS/fintech environment.
  • Minimum 8 years of progressive experience in information security and IT operations.
  • Strong working knowledge of SOC 2 compliance, leading audits, meeting NYDFS and FTC information security requirements or similar financial sector regulations, including governance and reporting obligations, and NIST security frameworks (e.g., NIST CSF, NIST 800-53).
  • Experience mapping and implementing controls across hybrid/cloud environments.
  • Understanding of modern cloud architectures (AWS/Azure/GCP), DevSecOps practices, identity and access management, endpoint security, and security monitoring / SIEM platforms.

Nice To Haves

  • Relevant certifications such as CISSP, CISM, CISA, CCSP, or equivalent and experience with additional frameworks and regulations (e.g., ISO 27001, PCI DSS, GLBA) preferred.

Responsibilities

  • Develop, own, and continuously improve the Company’s enterprise-wide Information Security Program, including strategy, policies, standards and roadmap, in alignment with business and regulatory requirements (FTC Safeguards Rule, SOC 2, NIST 800‑53/CSF, NYDFS 23 NYCRR 500).
  • Direct and lead day‑to‑day security operations and maintain ongoing operation of secure network architectures, including segmentation, firewalls, VPNs, connectivity with vendors, threat detection, incident response, vulnerability management, and security monitoring across cloud and on‑prem environments.
  • Oversee core technology operations, including IT infrastructure, network administration, endpoint management, identity and access management and core productivity/tech services platforms.
  • Own the security and technology controls required for SOC 2 audits, including evidence collection, control operation, remediation plans, and engagement with external auditors and customer due diligence teams.
  • Implement and maintain a risk management framework aligned to NIST and serve as the Company’s designated Qualified Individual for purposes of the FTC Safeguards Rule, overseeing compliance with NYDFS 23 NYCRR Part 500, including risk assessments, incident response coordination, treatment plans, and regular reporting of risk posture to executive leadership and the board.
  • Partner closely with Product, Engineering, and Data teams to embed security‑by‑design, conduct security architecture reviews, and manage application and API security across the fintech platform.
  • Lead third‑party and vendor security risk management, including due diligence, contract security requirements, ongoing monitoring, and exception management.
  • Define and track security and operational KPIs/KRIs (e.g., incident MTTR, patching SLAs, control coverage, uptime/availability) and present regular metrics and program updates to senior leadership and the board.
  • Develop and manage the information security and operations budget including resource planning and tooling strategy, as well as establish training programs tailored for a fintech workforce to support scalable and efficient growth.
  • Other duties as assigned by management.
  • Must be able to come to work promptly and regularly.
  • Must be able to take direction and work well with others.
  • Must be able to work under the stress of deadlines.
  • Must be able to concentrate and perform accurately.
  • Must be able to react to change productively.

Benefits

  • Day-one Health Benefits (medical, dental, vision, and flexible spending options like HSA or FSA accounts).
  • 401(k) with company match enrollment on day-one.
  • Paid, Sick and Volunteer Time Off
  • Paid Parental Leave Options
  • Employer Paid Life and Disability
  • Wellbeing on Demand Program
  • Flexible Work Environment with a casual dress code