Director of Security Risk Engineering

Flywire
Boston, MA
$200,000 - $210,000
Hybrid

About The Position

As the Director of Security Risk Engineering, you will serve as a key senior leader working in direct partnership with the CISO to drive, shape, and mature Flywire's global enterprise security infrastructure and systems. In this role, you will bridge the gap between high-level security strategy and tactical engineering execution across six core domains: Application Security, AI Security, Cloud Security, Corporate Security, Security Operations (SecOps), and Red Teaming (Penetration Testing). In partnership with the internal stakeholder organizations, you will lead the organizational shift from technical recovery to global enterprise operational resilience, managing a highly impactful program that safeguards our global payment rails while fostering a culture of collaboration, innovation, and continuous improvement. A solid working knowledge of all aspects of cloud-native infrastructure, software applications, AI/LLM model development, governance & validation, and automated risk mitigation is required.

Requirements

  • Bachelor's degree required in Computer Science, Information Security, or a related technical field.
  • 12+ years of progressive experience in information security, IT risk management, or cyber defense roles.
  • Must be an active technical practitioner with a proven track record of independently performing manual penetration testing, vulnerability exploitation, detection/response activities, and code reviews across cloud and application infrastructures, without relying solely on automated commercial tools.
  • 3+ years of proven experience in senior leadership or management roles specifically within a security engineering organization, managing people, cross-functional teams and complex security programs.
  • In-depth technical knowledge of security architecture, secure cloud infrastructure (e.g., AWS/Azure/GCP), application security principles, and adversarial emulation (Red Teaming).
  • Highly hands-on and technically skilled.
  • Strong strategic thinker with the ability to contribute to and translate the CISO’s high-level vision into actionable plans and drive successful execution.
  • Balances technical risk reduction with business enablement, ensuring security infrastructure serves as a competitive advantage that unblocks global revenue and enterprise-client acquisition.
  • Exceptional communication and stakeholder management skills, with a demonstrated ability to articulate complex security risks and technical concepts to both engineering teams and executive management/the Board.
  • Robust capability to operate as a strategic second-line risk leader.
  • Proven experience defining enterprise security risk appetites, establishing governance frameworks, and executing independent control testing to validate that the first line (engineering/product teams) effectively manages cyber risk.
  • Comprehensive understanding of modern system security design principles, intrusion prevention, API security, and automated vulnerability management.
  • Demonstrated capability to prioritize tasks, maintain cross-functional transparency, and make critical risk decisions under pressure during live security incidents.
  • Ability to collaborate effectively as a trusted partner across the global organization, promoting a collaborative culture of continuous resilience and security awareness.

Nice To Haves

  • A Master's degree is highly preferred.
  • CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or ISACA AAISM™ (Advanced in AI Security Management)
  • OffSec OSAI (Offensive Security AI Red Teamer), OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), or SANS GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)

Responsibilities

  • Define, implement, and monitor a comprehensive security engineering strategy across Application Security, AI Security, Cloud Security, Corporate Security, Security Operations (SecOps/Incident Detection & Response), and Red Teaming (Penetration Testing), aligning initiatives with global business objectives and emerging financial threats.
  • Support the CISO in leading and managing the global security engineering organization, including hiring, training, mentoring, performance management, and budget oversight.
  • Oversee the design and continuous improvement of secure architecture for systems, cloud infrastructure, networks, and applications, ensuring strict alignment with security best practices.
  • Partner with Business, Development, DevOps, Product, Program, Risk/Compliance, and IT leaders to seamlessly integrate security controls into all phases of the engineering and CI/CD lifecycle. Engage actively with external stakeholders, auditors and global regulators on related fronts.
  • Leverage AI and automated tooling to develop proactive measures, threat intelligence capabilities, and scalable defenses against vulnerabilities across all engineering domains.
  • Personally adopt an attacker's mindset to identify complex attack chains, logic flaws, and zero-day vulnerabilities within financial platforms and product architectures.
  • Direct and coordinate responses to critical enterprise security incidents, managing containment, forensic investigation, and rapid remediation efforts alongside SecOps.
  • Maintain an information security framework that ensures continuous readiness for strict industry audits and regulatory compliance requirements globally (e.g., NIST CSF 2.0, ISO 27001, PCI-DSS 4.0, DORA).
  • Define and maintain metrics that communicate security posture, program progress, and incident risk analysis to the CISO, senior executive leadership, and the Board.
  • Stay ahead of global fintech trends, adopting cutting-edge technologies and methodologies—specifically regarding secure AI deployment—to continuously strengthen the organization's security posture.

Benefits

  • Competitive compensation
  • Employee Stock Purchase Plan (ESPP)
  • Competitive time off, including Digital Disconnect and FlyBetter Days to volunteer in a cause you believe in.
  • Wellbeing Programs (Mental Health, Wellness, Yoga/Pilates/HIIT Classes) with Global FlyMates