Job Description
Company: Baker Hill
Location: Carmel, US
This role requires an onsite presence in our Carmel, IN office. Candidates must be able to meet this expectation for consideration.
Company Overview: We are a rapidly growing SaaS company in the Fintech industry, dedicated to providing innovative financial solutions to our clients. We are poised for significant growth and are looking for a dynamic and experienced CISO to join our leadership team.
Job Summary: The Chief Information Security Officer (CISO) will be responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO will work closely with the COO / CTO and other members of the IT and Product Development leadership to align security initiatives with business objectives and ensure compliance with regulatory requirements.
Key Responsibilities:
• Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
• Lead the development and implementation of a robust cybersecurity strategy to protect the company’s information assets.
• Manage the Information Security Management System (ISMS) and Artificial Intelligence Management System (AIMS).
• Lead monthly Information Security and AI Governance meetings.
• Assess and manage security risks from vendors, partners, and subprocessors.
• Conduct annual business continuity and disaster recovery exercises/simulations.
• Orchestrate phishing simulations and education.
• Author, maintain and prepare policy documents for external auditors and client due diligence.
• Ensure compliance with relevant regulations and standards, including SOC 2 Type II control objectives and PCI-DSS.
• Conduct regular security assessments and audits to identify vulnerabilities and mitigate risks.
• Lead audits and assessments to ensure ongoing compliance and security improvements.
• Oversee incident response planning and the investigation of security and operational incidents.
• Collaborate with the IT department to ensure security is integrated into all system architecture and processes.
• Provide leadership and guidance to employees, fostering a culture of security awareness across the organization.
• Develop and deliver security training programs for employees.
• Stay current with the latest cybersecurity trends, threats, and technology solutions.
• Respond to client and prospect inquiries regarding assurance and security programs.
Key Skills and Experience:
• Strong knowledge of compliance regimes including ISO 27001, SOC 2 Type II, and PCI-DSS.
• Experience with privacy regimes including GDPR and state laws like CCPA.
• Familiarity with state security regulations such as NYDFS.
• Ability to navigate and monitor governance published by OCC, Treasury Department, FFIEC, FDIC, and NCUA.
• Understanding of SDLC and CI/CD, with the ability to integrate security processes within them.
• Strong knowledge of SaaS and Fintech industry security requirements.
• Proven experience in developing and implementing security policies and procedures.
• Excellent understanding of current legislation and regulations relevant to information security and data privacy.
Qualifications:
• Bachelor’s degree in Computer Science, Information Technology, or a related field required; master’s degree preferred.
• Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.
• At least 5 years of experience leading a security business function.
• Certifications such as CISSP, CISM, or CISA are highly desirable.
• Strong leadership, communication, and interpersonal skills.
• Ability to work effectively in a fast-paced, rapidly changing environment.
• Leading SAFe Agilist (SA) certification is required (to understand SAFe principles, build an agile mindset, and lead Agile transformation), or the ability to obtain it within the first 90 days of employment.
STANDARD REQUIREMENTS
Use AI responsibly and in alignment with policy, including ongoing learning, and incorporate AI into routine tasks such as drafting communications, summarizing meetings, and organizing information.
This position requires regular onsite work at our Carmel, Indiana office. Candidates must be able to commute to and work from this location as part of their role.
Disclaimer:
The above statements are intended to describe the general nature and level of work being performed by individuals assigned to this position. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required. Management reserves the right to assign or reassign duties and responsibilities to this position at any time as business needs evolve.
Source: LinkedIn