Head of Security

Eisen•New York City, NY

3d•Hybrid

About The Position

As our first security hire, you will design, build, and present Eisen's security program to the largest financial institutions in the U.S. Eisen processes 16M rows of consumer financial account data each week for 50+ financial institutions, with the goal of covering every consumer account in America. Getting there requires a security program that meets the bar of Tier 1 banks - and a leader who can own it across the table from their CISOs, third-party risk teams, and auditors. You'll own the full lifecycle: designing the controls, operating them across our backend, infrastructure, and vendor ecosystem, and presenting the program externally in a way that wins and retains Tier 1 customers, including enabling Eisen to launch AI features inside the back office of the most security-conscious institutions in the country. This is a greenfield role so nothing to inherit. You'll report directly to our CTO.

Requirements

7+ years in security engineering or leadership, ideally including a B2B company serving financial services or another regulated industry.
Ability to present a security program directly to Tier 1 financial institutions or comparable enterprise customers - leading reviews, responding to RFPs, engaging CISO orgs and third-party risk teams.
Track record driving SOC 2 Type II (and ideally ISO 27001) from design through audit, owning the auditor relationship.
Working knowledge of FFIEC, NIST CSF, GLBA, NYDFS Part 500, and state financial privacy regimes, and how each translates into concrete technical controls.
Hands-on experience designing IAM, RBAC, and privilege-escalation systems in cloud-native environments (AWS, GCP, or similar), and secure-systems design across APIs, backend services, and data stores.
Hands-on disaster recovery experience: backups, restore testing, and defining and measuring RPO/RTO.
Excellent written and verbal communication - you can write a whitepaper a bank's CISO will respect and hold the room in a live security review.
A doer mentality. You'll have a budget for consultants and tooling, but the judgment and architecture are yours.

Nice To Haves

Even if you don’t feel like you meet 100% of the qualifications outlined above.

Responsibilities

Present the security program to Tier 1 FIs.
Lead security reviews, due-diligence cycles, and architecture deep-dives with CISO orgs, third-party risk teams, and their auditors.
Translate our controls into the frameworks FIs use to evaluate vendors (FFIEC, NIST CSF, SOC 2, ISO 27001), and make our posture a reason to choose Eisen - not a hurdle to clear.
Own compliance and audit. Drive SOC 2 Type II as the foundation, layer on ISO 27001 as customers require, and own the auditor relationship.
Turn security questionnaires from a deal-blocking bottleneck into a days-not-weeks motion.
Partner with product and engineering to launch Eisen's AI features inside Tier 1 financial institutions - defining the controls, data handling, and review processes that let banks say yes to AI in their compliance workflows.
Set and enforce the controls that protect 16M+ rows of consumer financial account data per week - encryption, key management, classification, retention, deletion, and access to production data logged to a standard a Tier 1 auditor would accept.
Own identity and access. Service accounts, IAM, RBAC, and privilege escalation across production - least privilege, time-bound, immediate offboarding.
Evaluate, onboard, and continuously monitor every vendor and sub-processor that touches Eisen or customer data. Hold the supply chain to the same bar.
Design DR so no failure, incident, or human error causes irreversible loss; define RPO/RTO for every critical system and prove the numbers through restore testing.
Make every security-relevant action attributable.
Own incident response. Detection, response, customer notification, and post-mortem. Be the person who runs the room when something goes wrong, and the person FIs trust to tell them the truth quickly.