Chief Information Security Officer

As our companys Chief Information Security Officer (CISO), you will own and lead all aspects of Information Security for our company. Reporting to the CTO, you will lead and manage three teams which are individually responsible for Governance Risk and Compliance, Product Security and Security Operations. As CISO, you will shape and execute our security strategy and roadmap, ensuring trust, resilience, and compliance at scale. You will grow and lead the security department and work closely with our company leadership to balance business growth with risk management. Externally, you will represent our company to customers, auditors, and regulators, reinforcing our commitment to security and trust. Above all, you will ensure that our customers, data, and operations remain secure as we scale.
Overall Security Governance Strategy
Define and execute the company-wide security strategy and roadmap
Align security initiatives with our companys business objectives and risk appetite
Report on security posture to company executives and te board
Security Operations
Infrastructure Security - Collaborate with DevOps and IT teams to secure our infrastructure and cloud environment
Endpoint Security - Protect employee devices and access points
SaaS Security - Monitor and secure third-party SaaS applications
Data Loss Prevention - Implement controls to prevent unauthorized data access, sharing, and exfiltration across systems and endpoints
Identity and Access Management - Manage the companys access policy and controls
Threat Detection & Incident Response - Establish SIEM, threat intelligence, and forensic capabilities
Incident Response - Respond to security events, conduct investigations, and lead mitigation efforts
GRC (Governance, Risk, and Compliance)
Risk Management & Assessments - Perform regular risk assessments on our companys systems, processes, and infrastructure, and drive mitigation plans
Certifications & Compliance - Maintain compliance with SOC 2, ISO 27001, DORA, NYDFS, and other regulations
Audits & Regulatory Compliance - Lead security audits, manage interactions with external auditors, government agencies, and regulatory bodies
Third-Party & Vendor Security Assessments - Conduct security evaluations of vendors and partners to ensure data protection standards are met
Security Policies & Frameworks - Maintain and enforce company-wide security policies, ensuring cross-functional adoption
Product Security
Secure Software Development Lifecycle (SSDLC) - Integrate security into our development processes, shift left on security through the entire product lifecycle
Application Security & Penetration Testing - Manage the product security posture, oversee regular penetration tests, and drive vulnerability remediation
API & Data Security - Secure API endpoints, implement best-practices and data protection controls
Privacy & Compliance by Design - Ensure compliance with privacy regulations (GDPR, CCPA, etc.) in product development
Customer Assurance & Trust - Manage security reviews, customer security questionnaires, and trust center
Security Culture & Leadership
Lead and build the security team
Create and roll out periodic security awareness training programs for employees
Maintain a security-first culture through awareness programs, phishing simulations, and ongoing education
Partner with business units across Engineering, IT, Legal, Compliance, and Operations to embed security across all functions.