VP of Cybersecurity & Information Security

Work hours will depend on the business hours of the time zone serviced.

To the extent permitted by law, the Company may, in its sole discretion, change the work schedule to address business needs.

Be responsible for leading the organization’s Cybersecurity and Information Security functions, including Security Engineering & Operations and IT Risk & Compliance. Provide strategic and operational leadership to protect enterprise systems, data, identities, cloud environments, platforms, and business processes while ensuring the company’s security program aligns with business priorities, risk appetite, regulatory requirements, and the evolving threat landscape.

Build and lead a metric-driven security organization focused on risk reduction, control effectiveness, incident response, identity security, cloud and platform security, regulatory compliance, automation, and continuous improvement. Oversee security technologies, threat monitoring, identity and access controls, cloud security architecture, audits, remediation efforts, vendor performance, and executive reporting while partnering across IT, engineering, development, platform, and business functions to embed secure-by-design practices into systems, processes, product delivery, and business decision-making.

·        Lead and manage Cybersecurity and Information Security functions, including Security Engineering & Operations and IT Risk & Compliance.

·        Serve as a key advisor to senior leadership on matters of strategic and operational security importance, influencing decision-making and driving proactive initiatives that strengthen the company’s security posture, risk management practices, regulatory compliance, and business resilience.

·        Develop and execute Cybersecurity and Information Security strategies aligned with business goals, risk appetite, regulatory requirements, and the evolving threat landscape.

·        Build and operate a metric-driven Cybersecurity and Information Security organization, defining KPIs that measure risk reduction, control effectiveness, operational performance, incident response, identity security, cloud security, and compliance posture.

·        Oversee security engineering teams responsible for security platforms, tooling, architecture, and integrations across endpoint, network, cloud, identity, and platform environments.

·        Manage security operations, including threat monitoring, event detection, incident response, investigations, and continuous improvement of detection and response capabilities.

·        Oversee identity security capabilities, including identity and access management, privileged access management, identity governance, Zero Trust initiatives, and privileged access controls.

·        Oversee cloud and platform security capabilities, including cloud security architecture, DevSecOps enablement, infrastructure-as-code security, container/runtime security, and partnership on cloud governance.

·        Partner with enterprise engineering, development, platform, and technology teams to integrate security into the software development lifecycle, enable secure engineering practices, support shared platform governance, and drive secure-by-design delivery.

·        Stay abreast of the evolving threat landscape, emerging attack vectors, and advancements in security technologies, continuously adapting the organization’s security posture.

·        Advise technology, development, engineering, and business partners on security best practices, architectural patterns, and risk-based decision-making, providing ongoing oversight and guidance.

·        Establish and operate a risk-based cybersecurity program aligned to business priorities, regulatory expectations, and the evolving threat landscape.

·        Oversee the IT Risk function, including coordination of security audits, penetration testing, third-party assessments, control validation, and remediation tracking.

·        Manage the end-to-end audit lifecycle, including planning, scheduling, execution, findings management, remediation tracking, and reporting.

·        Ensure compliance with regulatory and industry standards, including PCI DSS and ISO 27001, with ownership of audits, control validation, and remediation efforts.

·        Oversee annual reporting, regulatory submissions, partner security attestations, and related cybersecurity and information security documentation.

·        Drive timely and effective remediation of vulnerabilities, audit findings, control gaps, identity risks, cloud security risks, and security issues across the enterprise.

·        Establish and maintain security policies, standards, control frameworks, and governance practices that support business, regulatory, technology, and risk management objectives.

·        Implement and enhance continuous monitoring, detection, response, and reporting capabilities to proactively identify and address security risks.

·        Lead continual optimization of security technologies, tooling, platforms, and resource utilization to improve effectiveness and reduce cost.

·        Drive a bias toward automation and technology-first solutions, reducing manual processes and increasing scalability across Cybersecurity and Information Security functions.

·        Leverage automation and AI capabilities to enhance threat detection, accelerate response, improve risk analysis, strengthen security operations, and scale security program capabilities.

·        Manage security vendor relationships, contracts, service performance, and cost optimization across tools, services, and third-party providers.

·        Provide executive-level reporting on security posture, risks, incidents, identity security, cloud security, control effectiveness, remediation progress, and compliance status.

·        Develop and manage the Cybersecurity and Information Security budget, including tools, services, staffing, and vendor spend, optimizing cost efficiency while maintaining or improving program effectiveness.

·        Establish strong, business-oriented partnerships across functions, ensuring Cybersecurity and Information Security enables and protects business outcomes and priorities.

·        Share knowledge, mentor, and educate stakeholders with regard to the company’s Cybersecurity and Information Security initiatives, opportunities, risks, and challenges.

·        Promote the professional growth and development of team members by sharing knowledge, mentoring, and providing consistent, actionable feedback.

·        Responsible for managerial matters such as performance appraisals and goal setting, promotions, salary recommendations, and staffing in accordance with the company hiring process, personnel policies, and budget requirements.

·        Perform additional duties as assigned to support evolving business needs.

·        Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field; applicable years of experience may be substituted for a bachelor’s degree.

·        Twelve (12) years of experience in the Information Technology field with significant leadership experience in cybersecurity, information security, or related security functions.

·        Three (3) years of managerial experience leading or overseeing Security Operations, Security Engineering, IT Risk, Compliance, Identity Security, Cloud Security, DevSecOps, or related cybersecurity and information security functions, working in capacities with decision-making authority and responsibility for coordinating, delegating, and managing operational activities.

·        CISSP, CISM, or an equivalent information security certification.

·        Extensive experience managing security technologies, including SIEM, EDR, IAM, PAM, vulnerability management, cloud security, and network security tools.

·        Demonstrated experience with identity security capabilities, including identity and access management, privileged access management, identity governance, Zero Trust, and privileged access controls.

·        Demonstrated experience with cloud and platform security capabilities, including cloud security architecture, DevSecOps enablement, infrastructure-as-code security, container/runtime security, and cloud governance partnership.

·        Demonstrated ability to partner with enterprise engineering, development, platform, and technology teams to integrate security into the software development lifecycle, support engineering enablement, strengthen shared platform governance, and promote secure-by-design delivery.

·        Demonstrated success managing audits, penetration testing programs, and enterprise remediation efforts.

·        Experience building and operating incident response and investigation capabilities.

·        Proven ability to align cybersecurity and information security strategies, programs, and initiatives with business priorities, risk appetite, regulatory requirements, and measurable outcomes.

·        Strong experience with regulatory frameworks and compliance standards, including PCI DSS and ISO 27001.

·        Demonstrated financial discipline in managing operational budgets, vendor costs, resource utilization, and cost optimization initiatives.

·        Demonstrated success building metric-driven security programs with measurable improvements in risk posture and operational performance.

·        Proven ability to support and enhance team performance, promote engagement, and cultivate the professional development of team members.

·        Demonstrated proficiency in leading through change, executing on major initiatives, and leading cross-departmental work.

·        Strong experience managing vendors, contracts, third parties, service performance, and costs across Cybersecurity, Information Security, and IT Risk functions.

·        Ability to work effectively, manage complex projects, and multitask successfully in a dynamic, fast-paced, and complex business environment.

·        Strong decision-making and negotiation skills with the ability to use expertise to influence on matters of strategic importance.

·        Ability to foster strong relationships, influence, coach, and partner with all levels across the organization.

·        Ability to articulate complex information in understandable terms to various audiences. Comfortable presenting data to all levels of leadership and across business functions.

·        Highly proficient with Microsoft Office Suite.

·        Strong analytical and problem-solving skills, with the ability to evaluate security risk, threat trends, identity risk, cloud security posture, control performance, compliance obligations, and business impacts to guide decisions, address complex challenges, and strengthen the enterprise security program.

·        Demonstrated high level of reliability, flexibility, and dedication with the ability to adapt quickly to changing priorities and timelines.

·        Excellent interpersonal skills necessary to communicate professionally and effectively, verbally and in writing, with regulatory agencies, vendors, customers, and all levels of company staff.

·        Experience in financial services or other highly regulated industries.

·        Experience implementing advanced security capabilities, including Zero Trust, SASE, identity-centric security models, identity governance, and privileged access management.

·        Familiarity with cloud security architectures across AWS, Azure, or Google Cloud Platform.

·        Experience with cloud and platform security practices, including infrastructure-as-code security, container/runtime security, cloud governance, and shared platform security

·        Experience with GRC platforms and automation of compliance processes.

·        Track record of integrating security into DevOps, SDLC, engineering workflows, or shared platform governance through DevSecOps practices.

·        Certifications:

·        CISA, CRISC (for risk and compliance focus).

·        Cloud security certifications (e.g., CCSP, AWS/Azure Security Specialty).

·        PCI QSA or ISO 27001 Lead Implementer/Auditor.

·        ISO 42001 implementation/certification experience.

While performing the duties of this job, the employee is frequently required to sit for extended periods; reach with hands and arms; and talk or hear. The employee is occasionally required to move about. The employee must occasionally lift and/or move up to twenty (20) pounds. Specific vision abilities required by this job include close vision and the ability to adjust focus.

This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee. Duties, responsibilities, and activities may change or new ones may be assigned at any time or without notice.