Chief Information Security Officer

Baker Hill Solutions
Full-time
On-site
Carmel, Indiana, United States

Company Overview: We are a rapidly growing SaaS company in the Fintech industry, dedicated to providing innovative financial solutions to our clients. We are poised for significant growth and are looking for a dynamic and experienced CISO to join our leadership team.

Job Summary: The Chief Information Security Officer (CISO) will be responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO will work closely with the COO / CTO and other members of the IT and Product Development leadership to align security initiatives with business objectives and ensure compliance with regulatory requirements.

Key Responsibilities:

  • Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
  • Lead the development and implementation of a robust cybersecurity strategy to protect the company’s information assets.
  • Manage the Information Security Management System (ISMS).
  • Ensure compliance with relevant regulations and standards, including SOC 2 Type II control objectives and PCI-DSS.
  • Conduct regular security assessments and audits to identify vulnerabilities and mitigate risks.
  • Lead audits and assessments to ensure ongoing compliance and security improvements.
  • Oversee incident response planning and the investigation of security incidents.
  • Collaborate with the IT department to ensure security is integrated into all system architecture and processes.
  • Provide leadership and guidance to employees, fostering a culture of security awareness across the organization.
  • Develop and deliver security training programs for employees.
  • Stay current with the latest cybersecurity trends, threats, and technology solutions.
  • Respond to client and prospect inquiries regarding the company's assurance and security programs (for example, security questionnaires and audit report requests).

Key Skills and Experience:

  • At least 5 years of experience leading a security business function.
  • Strong knowledge of compliance regimes including ISO 27001, SOC 2 Type II, and PCI-DSS.
  • Experience with privacy regimes including GDPR and state laws like CCPA.
  • Familiarity with state financial-services cybersecurity regulations such as the NYDFS Cybersecurity Regulation (23 NYCRR Part 500).
  • Ability to navigate and monitor guidance published by the OCC, the Treasury Department, the FFIEC, the FDIC, and the NCUA.
  • Understanding of SDLC and CI/CD, with the ability to integrate security processes within them.

Qualifications:

  • Bachelor’s degree in Computer Science, Information Technology, or a related field; Master’s degree preferred.
  • Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.
  • Strong knowledge of SaaS and Fintech industry security requirements.
  • Proven experience in developing and implementing security policies and procedures.
  • Excellent understanding of current legislation and regulations relevant to information security and data privacy.
  • Certifications such as CISSP, CISM, or CISA are highly desirable.
  • Strong leadership, communication, and interpersonal skills.
  • Ability to work effectively in a fast-paced, rapidly changing environment.