Principal, Corporate Information Security

About The Position

Requirements

• 7+ years in Information Security, Risk Management, or Business Continuity, preferably within a regulated financial environment.
• Deep understanding of encryption standards, access controls, and data protection compliance.
• Strong working knowledge of SOC 2, ISO 27001, and NIST CSF.
• Familiarity with Lean Six Sigma, ITIL, or PMP frameworks.
• M&A Experience preferred
• Ability to perform "risk storytelling," translating technical vulnerabilities into business impact to secure buy-in from the C-suite and Board.
• Connect InfoSec, Business Continuity, and Vendor Risk strategies to broader corporate objectives.
• A proven track record of building consensus, securing resources, and navigating conflicting priorities between external vendors and internal executives.
• Ability to influence organizational culture and drive the adoption of new security behaviors across diverse business units.

Nice To Haves

• CISSP, CISM, or CBCP (Business Continuity) are highly preferred.

Responsibilities

• Act as a primary advisor to business owners, using data-driven insights to influence vendor selection and security investment decisions.
• Provide expert security judgment and technical evaluations for vendor partnerships. Lead security posture reviews and negotiate remediation action plans with external partners.
• Partner with Sourcing and Procurement teams to ensure vendor contracts include necessary security SLAs and align with corporate risk appetite.
• Design and evaluate compensating controls and alternative security strategies when standard requirements cannot be met, balancing risk with business velocity.
• Align business units with global continuity frameworks (e.g., ISO 22301, NIST). Author and maintain Business Impact Analyses (BIAs) and recovery plans.
• Drive continuous improvement of security and continuity workflows using Lean Six Sigma or similar process-design techniques.
• Lead the development of Incident Management teams; coordinate IT disaster recovery testing and scenario validation.
• Maintain high-visibility dashboards (Power BI, Tableau) to track security KPIs and project milestones.
• Manage complex security task lifecycles within enterprise ticketing platforms (e.g., Jira, ServiceNow).
• Facilitate issue resolution using root-cause analysis (RCA) frameworks to resolve dependencies across IT and Business departments.
• Provide security SME support for M&A activities as needed, performing risk assessments for potential acquisitions.
• Assist in designing security integration roadmaps to ensure newly acquired entities meet corporate security standards.

Benefits

• Generous PTO and 11 paid holidays, plus well-being and volunteer time off.
• Up to 16 weeks of fully paid parental leave and a baby stipend.
• Multiple medical plan options with mental health and wellness support offerings.
• 401(k) with company match and vesting after one year.
• $400 annual well-being stipend and tuition assistance up to $5,250.
• Recognition Rewards, Referral bonuses, exclusive discounts and more!