About The Position

Mission Lane is combining the power of data, technology, and exceptional service to pave a clear way forward for millions of people on the path to financial success. By attracting top talent and leveraging cutting-edge technology, we’re enabling people to unlock real financial progress. Sound like a mission you can get behind?

About the role

We’re looking for a detail-oriented problem-solver, collaborative relationship-builder, and expert cybersecurity leader to join our Risk & Compliance team as the Head of Information Security (CISO).

As the Head of Information Security (CISO):

You will be the senior-most leader responsible for defining, implementing, and overseeing our enterprise-wide information security and risk management strategy. This is a critical leadership position that requires a strong balance of technical expertise, business acumen, and regulatory knowledge, particularly within the highly regulated financial services sector. You will report directly to the CTO and serve as a key advisor to the executive team and Board of Directors on all matters related to cyber risk.

Requirements

  • 5 - 10 years of progressive experience in Information Security and Cyber Risk Management, with at least 3-5 years in a senior leadership role (Director, VP, or CISO).
  • Demonstrable experience working within the Fintech or a closely regulated financial services industry is required.
  • Deep expertise in regulatory frameworks relevant to financial data (PCI DSS, ISO 27001, SOC 2, or similar).
  • Proven hands-on experience securing modern, cloud-native environments (e.g., AWS, GCP).
  • Exceptional leadership, communication, and interpersonal skills, with the ability to influence technical teams, executive management, and external stakeholders.
  • Bachelor's degree in Computer Science, Information Technology, or a related field.

Nice To Haves

  • Advanced degree (e.g., Master's in a relevant field or MBA).
  • Relevant professional certifications (e.g., CISSP, CISM, CRISC, CISA).
  • Experience with advanced security techniques such as offensive security/penetration testing and threat intelligence.
  • Familiarity with securing high-velocity workflows and microservices architecture.

Responsibilities

  • Develop, own, and continually refine the comprehensive Information Security and Cyber Risk Management strategy and roadmap for the company, aligning it with business goals and regulatory requirements.
  • Lead, mentor, and scale a high-performing security organization, fostering a culture of security-first thinking across all departments.
  • Manage the security budget, technology investments, and vendor relationships to ensure cost-effective and robust security controls.
  • Establish and maintain an enterprise-wide risk management framework to identify, assess, and prioritize security risks across the technology stack and business operations.
  • Ensure rigorous compliance with all relevant financial regulations and standards (e.g., PCI DSS, SOC 2, ISO 27001, CCPA, CSF/NIST, and any specific regional financial regulatory bodies).
  • Oversee all security audits, compliance assessments, and regulatory examinations, and manage the timely remediation of findings.
  • Collaborate with the legal, compliance and privacy functions to conduct reviews/audits, RFPs, recommend policies and procedures, monitor status and report violations to appropriate management.
  • Define and govern the security architecture for our cloud-native environment [AWS/GCP].
  • Implement and manage a robust set of security tools and technologies (SIEM, Endpoint Detection & Response, Vulnerability Scanners, Firewalls, Data Loss Prevention, etc.).
  • Champion DevSecOps principles, partnering closely with Engineering to embed security controls (SAST, DAST, SCA) into the CI/CD pipeline and Software Development Lifecycle (SDLC).
  • Oversee all aspects of data protection, identity and access management (IAM), and network security.
  • Develop, test, and lead the Security Incident Response Plan (SIRP), ensuring the team can rapidly detect, contain, and recover from security incidents.
  • Manage the Disaster Recovery (DR) and Business Continuity Plan (BCP) efforts to ensure business resilience.
  • Provide clear, concise, and regular reporting on the organization's security posture, key risks, and security metrics to the Executive Team and Board of Directors.
  • Serve as the key security subject matter expert across the organization to implement changes and best practices to continuously improve the security posture of the enterprise.
  • Represent the organization with external stakeholders to confidently articulate our security controls.

Benefits

  • unlimited paid time off
  • 401(k) match
  • a monthly wellness stipend
  • health/dental/vision insurance options
  • disability coverage
  • paid parental leave
  • flexible spending account (for childcare and healthcare)
  • life insurance
  • a remote-friendly work environment

What This Job Offers

Job Type

Full-time

Career Level

Executive

Number of Employees

501-1,000 employees

© 2024 Teal Labs, Inc