Head of Information Security CISO

About The Role

We e looking for a detail-oriented problem-solver, collaborative relationship-builder, and expert cybersecurity leader to join our Risk & Compliance team as the Head of Information Security (CISO). As The Head Of Information Security (CISO), you will be the senior-most leader responsible for defining, implementing, and overseeing our enterprise-wide information security and risk management strategy. This is a critical leadership position that requires a strong balance of technical expertise, business acumen, and regulatory knowledge, particularly within the highly regulated financial services sector. You will report directly to the CTO and serve as a key advisor to the executive team and Board of Directors on all matters related to cyber risk.

Strategy & Leadership

• Develop, own, and continually refine the comprehensive Information Security and Cyber Risk Management strategy and roadmap for the company, aligning it with business goals and regulatory requirements.
• Lead, mentor, and scale a high-performing security organization, fostering a culture of security-first thinking across all departments.
• Manage the security budget, technology investments, and vendor relationships to ensure cost-effective and robust security controls.

Risk Management & Compliance (Fintech Focus)

• Establish and maintain an enterprise-wide risk management framework to identify, assess, and prioritize security risks across the technology stack and business operations.
• Ensure rigorous compliance with all relevant financial regulations and standards (e.g., PCI DSS, SOC 2, ISO 27001, CCPA, CSF/NIST, and any specific regional financial regulatory bodies).
• Oversee all security audits, compliance assessments, and regulatory examinations, and manage the timely remediation of findings.
• Collaborate with the legal, compliance and privacy functions to conduct reviews/audits, RFPs, recommend policies and procedures, monitor status and report violations to appropriate management.

Security Operations & Architecture

• Define and govern the security architecture for our cloud-native environment [AWS/GCP].
• Implement and manage a robust set of security tools and technologies (SIEM, Endpoint Detection & Response, Vulnerability Scanners, Firewalls, Data Loss Prevention, etc.).
• Champion DevSecOps principles, partnering closely with Engineering to embed security controls (SAST, DAST, SCA) into the CI/CD pipeline and Software Development Lifecycle (SDLC).
• Oversee all aspects of data protection, identity and access management (IAM), and network security.

Incident Response & Business Continuity

• Develop, test, and lead the Security Incident Response Plan (SIRP), ensuring the team can rapidly detect, contain, and recover from security incidents.
• Manage the Disaster Recovery (DR) and Business Continuity Plan (BCP) efforts to ensure business resilience.

Communication & Stakeholder Management

• Provide clear, concise, and regular reporting on the organization's security posture, key risks, and security metrics to the Executive Team and Board of Directors.
• Serve as the key security subject matter expert across the organization to implement changes and best practices to continuously improve the security posture of the enterprise.
• Represent the organization with external stakeholders to confidently articulate our security controls.

Minimum Qualifications

• 5 - 10 years of progressive experience in Information Security and Cyber Risk Management, with at least 3-5 years in a senior leadership role (Director, VP, or CISO).
• Demonstrable experience working within the Fintech or a closely regulated financial services industry is required.
• Deep expertise in regulatory frameworks relevant to financial data (PCI DSS, ISO 27001, SOC 2, or similar).
• Proven hands-on experience securing modern, cloud-native environments (e.g., AWS, GCP).
• Exceptional leadership, communication, and interpersonal skills, with the ability to influence technical teams, executive management, and external stakeholders.
• Bachelor's degree in Computer Science, Information Technology, or a related field.

Preferred Qualifications

• Advanced degree (e.g., Master's in a relevant field or MBA).
• Relevant professional certifications (e.g., CISSP, CISM, CRISC, CISA).
• Experience with advanced security techniques such as offensive security/penetration testing and threat intelligence.
• Familiarity with securing high-velocity workflows and microservices architecture.

Key skills/competency

• Information Security
• Cyber Risk Management
• Fintech Security
• Regulatory Compliance (PCI DSS, SOC 2, ISO 27001)
• Cloud Security (AWS/GCP)
• Security Architecture
• Incident Response
• DevSecOps
• Leadership
• Risk Management