Vice President, Chief Information Security Officer (CISO)

Upbound Group•Plano, TX

About The Position

Vice President, Chief Information Security Officer (CISO) Position Overview The Vice President, Chief Information Security Officer (CISO) is responsible for establishing and leading the enterprise-wide strategy and vision for information security across Upbound. This executive-level role ensures the confidentiality, integrity, and availability of digital assets, data, and technology infrastructure by proactively assessing threats, setting strategic direction, and implementing robust security frameworks and architectures. The CISO is a trusted advisor to the executive leadership team and the Board of Directors on cybersecurity risk and compliance matters and is Upbound’s primary authority on information security. The CISO is an executive-level position that reports directly to the Executive Vice President, Chief Technology Officer and serves as a key executive leader. This position is responsible for the oversight, development, implementation, and maintenance of Upbound’s information security strategy and governance framework. The CISO leads cross-functional efforts to assess risk, ensure compliance with industry standards, and protect Upbound’s mission-critical systems, sensitive member data, and confidential financial information. This role requires an accomplished leader with strategic foresight, deep cybersecurity acumen, and the ability to navigate and influence at the highest levels. The CISO builds collaborative relationships across business units, drives cultural change regarding cybersecurity awareness, and leads the company in responding to emerging threats in an ever-evolving threat landscape.

Requirements

Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field
Ten (10) years of progressively responsible experience in cybersecurity and information technology, including at least five (5) years in a senior leadership or executive-level role
Proven experience in designing and managing enterprise-wide security programs, policies, and risk mitigation initiatives
Demonstrated expertise in compliance, data privacy laws, risk management, incident response, and security frameworks
Executive-level leadership, strategic planning, and governance practice
Enterprise risk management methodologies and cybersecurity frameworks
Emerging technologies (e.g., AI, blockchain, zero trust) and their cybersecurity implications
Security architecture and engineering, cloud security, endpoint protection, and encryption standards
Business continuity and disaster recovery planning
Procurement and contract negotiation for security technologies and services
Plan, organize, and manage cyber security infrastructure development, operations, and support
Communicate complex security concepts clearly to both technical and non-technical audiences
Inspire, manage, and grow a high-performing cybersecurity team
Build an enterprise security architecture aligned with business strategy
Develop policies and practices that balance security with operational efficiency
Remain calm under pressure and make decisions during high-impact incidents
Manage and prioritize multiple projects while maintaining a high standard of professionalism, confidentiality, and ethical conduct
Exercise sound judgment, maintain confidentiality, and act with integrity and professionalism
Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time.

Nice To Haves

Master’s degree (MS, MBA, MPA) highly desirable
Certifications such as CISSP, CISM or CISA preferred

Responsibilities

Lead the development, implementation, and continuous improvement of a long-term, risk-based cybersecurity strategy aligned with Upbound’s mission, vision, values, and business goals
Define and lead Upbound’s cybersecurity strategy for Artificial Intelligence (AI), including AI governance, secure AI adoption, and risk management for AI-enabled products, platforms, and business processes
Establish and oversee a DevSecOps program, embedding security controls, automation, and assurance into the software development lifecycle (SDLC), CI/CD pipelines, and cloud engineering practices
Serve as Upbound’s executive authority on cybersecurity matters, providing strategic guidance to the Board of Director’s, executive leadership, and other stakeholders
Build and oversee a governance structure that includes policies, standards, guidelines, and procedures that align with industry frameworks (e.g., NIST, ISO, COBIT).
Direct enterprise-wide security risk assessments, gap analyses, and audits, ensuring the timely mitigation of identified vulnerabilities and risks
Lead the creation, implementation, and testing of the enterprise Cybersecurity Incident Response Plan (CSIRP), and oversee forensics, investigations, and post-incident reviews
Oversee compliance efforts related to privacy, regulatory mandates, and cybersecurity frameworks
Foster a cybersecurity-aware culture across all levels of the organization through ongoing education, training, and communication strategies
Direct the implementation of advanced security technologies, including threat intelligence platforms, security orchestration, and automated response tools
Actively monitor the external threat landscape and anticipate shifts in regulatory or operational risks to proactively safeguard Upbound’s infrastructure
Lead the security architecture function, ensuring that all new and existing systems are designed with appropriate security controls and protocol
Develop, mentor, and retain top cybersecurity talent and manage vendor and third-party relationships to ensure delivery of critical security services
Collaborate with business leadership to integrate cybersecurity into enterprise projects, digital transformation efforts, and vendor procurements
Prepare and present cybersecurity updates, threat intelligence briefings, and annual security reports to executive leadership and the Board of Directors
Develop and manage the cybersecurity annual strategic plan and operating budget