Chief Information Security Officer

About the Role

You will lead and execute the information security program and IT operations. You will develop security policies and metrics, manage incident response and business continuity, oversee vendor and third-party risk, coordinate audits and regulatory compliance, and hire, coach, and grow IT and security staff. You will collaborate with executives and stakeholders to align security with business priorities and continuously monitor trends to anticipate and mitigate risks.

Requirements

  • 8+ years of hands-on technical security experience with 4+ years leading teams or programs
  • Experience working with global cross-functional teams
  • Experience leading security compliance projects such as SOC 2 audits, cybersecurity risk assessments, and regulatory requirements
  • Working knowledge of systems architecture and implementations, including cloud, hybrid cloud, DevOps, and open-source
  • Working knowledge of secure AI use and best practices
  • Knowledge of security standards and frameworks such as NYDFS Part 500, DORA, GDPR, and NIST CSF
  • Practical knowledge of securing remote work environments
  • Experience with GPG key management and remote identity authentication
  • Hands-on endpoint security management for Mac OS
  • Knowledge of applicable laws and regulations such as SOX and GLBA
  • Excellent oral and written communication skills
  • Strong organizational and time management skills and demonstrated ability to manage teams and set priorities
  • Ability to work remotely and collaborate across time zones
  • BS or MS in Computer Science, Computer Security, Computer Engineering, or related field
  • Preferred: Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP)
  • Preferred: experience in the crypto industry or fintech payments, and experience at an audit or advisory services firm

Responsibilities

  • Develop and enhance the overall information security program, focusing on architecture, threat management, identity and access management, vendor management, and regulatory compliance
  • Execute tactical components of the strategic information security vision
  • Analyze business priorities and risk exposure to protect critical systems and data
  • Develop and maintain security metrics and goals
  • Draft and maintain information security policies and procedures to meet best practices and regulatory requirements
  • Manage expectations of leadership, customers, third-party partners, and employees
  • Direct information governance activities, including SOC 2 audits, NYDFS Part 500, EU DORA, risk assessments, and penetration tests
  • Lead security committees and working groups
  • Manage incident response, business continuity, and disaster recovery programs
  • Manage endpoint security
  • Conduct third-party risk assessments and manage audit deliverables
  • Represent the company in discussions with auditors and regulators
  • Manage security vendor and supplier relationships
  • Hire, train, and manage a team of IT and security professionals and conduct performance reviews
  • Manage department budgets and build business cases for security and IT investments
  • Lead security training and awareness efforts and build a culture of compliance
  • Continuously monitor security trends and plan for emerging risks
  • Provide collaborative leadership and security advisory across departments

Benefits

  • 100% employer-paid medical and dental insurance
  • Telemedicine coverage
  • Life and disability insurance
  • Vision coverage
  • 401(k)
  • Travel assistance
  • Generous vacation policy, including sabbatical and ability to select holidays
  • Professional development reimbursement
  • Option to receive payment in cryptocurrency and a crypto match program
  • Stock option awards
  • Home office allowance and reimbursement for internet and cell expenses
  • Complimentary Amazon Prime and Spotify subscriptions
  • Remote work