Chief Information Security Officer

Open Systems Technologies
Location: New York, NY, USA
Published: 6/14/2022
Technology
Full Time

Job Description

A financial firm is looking for a Chief Information Security Officer (CISO) to join their team in New York, NY.


Compensation: $150-200K


Responsibilities:

  • Define and maintain the enterprise information security strategy, roadmap, and governance framework, aligned with business objectives and regulatory requirements
  • Draft, maintain, and periodically review security-related policies and procedures
  • Establish and chair/co-chair an Information Security / Cyber Risk Committee and contribute to Board-level reporting on cyber risk
  • Develop and maintain the firm's information security governance framework
  • Lead the firm's SOC 1 (Type 1/Type 2) and SOC 2 (Type 1/Type 2) readiness and ongoing attestation efforts
  • Own the control catalog, control testing coordination, evidence collection, and remediation tracking across technology, operations, and third parties
  • Act as primary security point of contact for external auditors, assessment firms, and key institutional partners
  • Ensure security program alignment with SEC Regulation S-P, Reg S-ID, Reg SCI, SEC / Client cybersecurity expectations, and NYDFS 23 NYCRR 500
  • Partner with Compliance and Legal to interpret new regulations, assess impact, and implement necessary control and policy changes
  • Maintain and periodically test the Incident Response Plan and the Business Continuity / Disaster Recovery (BC/DR) plans from a security perspective
  • Provide security oversight for cloud (AWS) and on-prem infrastructure, including network security, endpoint security, identity and access management (IAM), and data protection
  • Work with Infrastructure/DevOps and application teams to embed secure SDLC practices, including code review, security testing, and secure deployment pipelines
  • Oversee vulnerability management, including patch management processes, penetration testing, and remediation programs
  • Define and oversee Security Operations Center (SOC) / XDR usage, log management, SIEM, threat detection, and incident handling
  • Design and enforce data classification, data loss prevention (DLP), encryption, and key management controls
  • Partner with business and product teams to ensure client data privacy and secure data flows, including with third-party vendors and partners
  • Own the vendor security risk management program, including security due diligence, contract security clauses, and ongoing monitoring
  • Evaluate and manage key security vendors
  • Build and lead a small but high-impact security team, scaling capabilities over time
  • Promote a security-first culture through training, awareness programs, and regular communication with staff at all levels


Qualifications:

Required

  • Bachelor's degree in Computer Science, Information Security, Engineering, or related field; or equivalent experience
  • 7+ years of progressive experience in information security, including at least 3 years in a leadership role (Head of Security, Deputy CISO, CISO, or equivalent)
  • Hands-on experience leading SOC 1 and/or SOC 2 attestation projects at a financial institution, fintech, or SaaS provider
  • Strong background in financial services or capital markets (broker-dealer, clearing firm, trading platform, or similar)
  • Understanding of information security frameworks (e.g., NIST CSF, NIST SP 800-53, ISO 27001)
  • Understanding of the regulatory landscape for U.S. financial firms (e.g., SEC, Client, possibly NYDFS 500)
  • Experience with identity and access management, network security, endpoint security, and cloud security (preferably AWS)
  • Experience building and maintaining incident response, BC/DR, and vulnerability/patch management programs
  • Strong track record of cross-functional leadership, communicating complex security and risk topics to non-technical executives and boards

Preferred

  • Experience as CISO, Deputy CISO, or security leader at a broker-dealer, clearing firm, exchange/ATS, or large fintech
  • Professional certifications such as CISSP, CISM, CISA, CRISC, CCSP or similar
  • Experience with AWS security services
  • Familiarity with DevSecOps practices and secure CI/CD pipelines
  • Experience managing data localization and cross-border data separation initiatives