Chief Information Security Officer

About the Role

You will own the company's information security, governance, risk, and compliance programs with a primary focus on ISO 27001 readiness, certification, and ongoing maintenance. You will serve as the executive owner for security compliance programs (ISO 27001, SOC 2, vendor risk, customer security reviews) and act as the primary liaison with auditors. You will design, implement, and continuously improve security policies, standards, and risk management processes. You will partner with Engineering, Infrastructure, Product, Legal, and Operations to embed security and compliance into technical and business workflows. You will lead external audits and assessments, translate regulatory and customer requirements into practical controls, and own the risk lifecycle from identification through executive reporting. You will establish and track security and compliance metrics and oversee incident response governance, playbooks, and escalation paths.

Requirements

  • 8–12+ years of experience in information security, GRC, or security leadership roles with ownership of compliance programs
  • Hands-on experience leading ISO 27001 certification efforts (initial certification and/or surveillance audits)
  • Experience as a security leader in high-growth technology companies, ideally in fintech, payments, or regulated environments
  • Strong understanding of security governance, risk management, and control frameworks (ISO 27001/27002, SOC 2, NIST)
  • Proven ability to partner with engineering and technical teams to implement controls in cloud-native and application-driven environments
  • Experience managing third-party risk, customer security questionnaires, and enterprise security reviews
  • Ability to communicate risk, tradeoffs, and priorities to executives and non-technical stakeholders
  • Nice to have: experience with SOC 2 Type II, PCI DSS, ISO 22301, global regulatory requirements, security certifications (CISSP, CISM, ISO 27001 Lead Implementer/Auditor), or presenting to boards

Responsibilities

  • Own and drive information security and compliance strategy focused on ISO 27001 readiness and maintenance
  • Serve as executive owner for security compliance programs including ISO 27001, SOC 2, vendor risk, and customer security reviews
  • Design, implement, and improve security governance frameworks, policies, standards, and risk management processes
  • Partner with Engineering, Infrastructure, Product, Legal, and Operations to embed security and compliance requirements
  • Lead and manage external audits, certifications, and assessments and act as primary contact for auditors
  • Translate regulatory and customer security requirements into practical, scalable controls
  • Manage the risk lifecycle including identification, assessment, prioritization, and executive reporting
  • Establish and report security and compliance metrics to executive leadership and the board
  • Oversee incident response governance, policies, playbooks, and escalation paths

Benefits

  • Unlimited time off (must take at least 10 days)
  • Flexible working and stipend for home workspace
  • Comprehensive health, dental, and vision plans for US employees and dependents
  • 100% company subsidized life insurance (US)
  • 401(k) with 4% company match
  • Equity option plan
  • Company-issued Rain Cards for product testing
  • Health and wellness spending for eligible expenses (gym memberships, massages, acupuncture)
  • Team and company summits including domestic and international off-sites

Chief Information Security Officer at Rain | JobStash