Vestwell
Overview
Join to apply for the Chief Information Security Officer role at Vestwell. Vestwell is the financial technology company powering the new savings economy. The New York City-based fintech platform redefines how people save for the critical aspects of life across retirement, education, and healthcare savings needs. Today, Vestwell enables over 350,000 businesses and nearly 1.5 million active savers, with over $30 billion in assets saved across all 50 United States.
Who Are We Looking For? The Vestwell Technology organization seeks an exceptional CISO to define and lead our enterprise-wide security strategy. The ideal candidate is a visionary and pragmatic security leader who can translate complex risk into business outcomes, influence across the company and Board, and scale programs that protect our customers, partners, and platform. They bring proven experience building and maturing security programs aligned to leading frameworks, navigating financial services regulatory requirements, and fostering a security-first across product, engineering, operations, and all corporate functions.
What Will You Be Doing?
Own the enterprise information security vision, multi-year strategy, roadmap, and governance model that align to Vestwell’s business goals and growth.
Build, lead, and develop a high-performing security organization; attract and mentor top talent and scale operating models and processes to meet Vestwell’s future needs.
Evaluate current security technologies and capabilities (e.g., endpoint protection, monitoring/telemetry, DLP, IAM/zero trust, secret management, vulnerability and patch management) and recommend any changes or additions needed to elevate Vestwell’s security posture.
Build and mature a comprehensive security program grounded in recognized frameworks (e.g., NIST, ISO 27001, CIS Controls), including policy architecture, control implementation, continuous improvement, and audit readiness.
Establish and operationalize key cybersecurity metrics and KRIs/KPIs; provide concise, decision-oriented reporting to executive leadership and key stakeholders.
Champion a security-first culture via company-wide awareness, training, and targeted education (e.g., phishing exercises), and ensure policies are well understood and adopted.
Drive secure-by-design practices across product and engineering (e.g., SDLC, threat modeling, code scanning, penetration testing, cloud/infrastructure hardening) and partner closely with IT, Legal, Compliance, and Operations to safeguard PII and sensitive data.
Lead security incident management, including strategy, readiness, tabletop exercises, detection/response, crisis communications, lessons-learned, and executive/Board reporting; ensure tight alignment with business continuity and disaster recovery.
Serve as the technical owner for cyber risk: define risk appetite/tolerances in partnership with executive leadership, establish risk assessment and reporting cadences, and present security posture, investments, and material risks to the CTO and executive leadership.
Requirements
10+ years of progressive experience in cybersecurity with 5+ years leading enterprise security programs or functions; proven leadership in high-growth or highly regulated environments.
Demonstrated success designing and operating security programs aligned to leading frameworks and sustaining regulatory compliance and audit readiness.
Expert ability to identify, prioritize, and communicate risk; proven track record translating complex technical concepts into actionable insights and decisions for executive, Board, and technical audiences.
Strong cross-functional leadership and collaboration skills; experienced at influencing product, engineering, IT, legal, compliance, and operations stakeholders.
Advanced knowledge across core security domains: endpoint protection, monitoring/telemetry, DLP, IAM/zero trust, vulnerability/patch management, incident response, cloud and infrastructure security, authentication/authorization, and sensitive data protection.
Experience leading incident response, resiliency programs, and crisis management, including executive and Board-level reporting.
The Extras
Advanced certifications such as CISSP, CISM, CISA, CCSP, or comparable.
Familiarity with secure SDLC practices, threat modeling, and penetration testing at scale.
Experience leading or supporting SOC examinations and financial services regulatory compliance.
Commitment to continuous learning; up to date on evolving threats, trends, and innovations.
Leadership Competencies
Strategic thinking with the ability to set vision and drive measurable outcomes.
Executive communication and Board reporting; crisp, decision-oriented storytelling.
Talent builder who develops high-performing teams and scalable operating models.
Bias for partnership and execution; balances risk reduction with business velocity.
Salary & Benefits Expected base salary range: $200 K–$250 K. This position is eligible to participate in the Company Bonus Pool and receive new-hire equity. Competitive health coverage, generous vacation, hybrid office policy with Midtown Manhattan locations, and a robust 401(k) plan.
Process We prioritize transparency and lack of surprise throughout the process. Candidates will connect with team members through 1–2 conversations about Vestwell and your experience. Next steps may include a skill or experience screen, followed by virtual or in-person panel interviews. We conclude with a references check stage. Please only receive correspondence from recruiting@vestwell.com; any other domain not ending in vestwell.com is not our Recruitment team.
Key Information
Seniority level: Executive
Employment type: Full-time
Job function: Information Technology
Referrals Referrals increase your chances of interviewing at Vestwell by 2x.
#J-18808-Ljbffr
Who Are We Looking For? The Vestwell Technology organization seeks an exceptional CISO to define and lead our enterprise-wide security strategy. The ideal candidate is a visionary and pragmatic security leader who can translate complex risk into business outcomes, influence across the company and Board, and scale programs that protect our customers, partners, and platform. They bring proven experience building and maturing security programs aligned to leading frameworks, navigating financial services regulatory requirements, and fostering a security-first across product, engineering, operations, and all corporate functions.
What Will You Be Doing?
Own the enterprise information security vision, multi-year strategy, roadmap, and governance model that align to Vestwell’s business goals and growth.
Build, lead, and develop a high-performing security organization; attract and mentor top talent and scale operating models and processes to meet Vestwell’s future needs.
Evaluate current security technologies and capabilities (e.g., endpoint protection, monitoring/telemetry, DLP, IAM/zero trust, secret management, vulnerability and patch management) and recommend any changes or additions needed to elevate Vestwell’s security posture.
Build and mature a comprehensive security program grounded in recognized frameworks (e.g., NIST, ISO 27001, CIS Controls), including policy architecture, control implementation, continuous improvement, and audit readiness.
Establish and operationalize key cybersecurity metrics and KRIs/KPIs; provide concise, decision-oriented reporting to executive leadership and key stakeholders.
Champion a security-first culture via company-wide awareness, training, and targeted education (e.g., phishing exercises), and ensure policies are well understood and adopted.
Drive secure-by-design practices across product and engineering (e.g., SDLC, threat modeling, code scanning, penetration testing, cloud/infrastructure hardening) and partner closely with IT, Legal, Compliance, and Operations to safeguard PII and sensitive data.
Lead security incident management, including strategy, readiness, tabletop exercises, detection/response, crisis communications, lessons-learned, and executive/Board reporting; ensure tight alignment with business continuity and disaster recovery.
Serve as the technical owner for cyber risk: define risk appetite/tolerances in partnership with executive leadership, establish risk assessment and reporting cadences, and present security posture, investments, and material risks to the CTO and executive leadership.
Requirements
10+ years of progressive experience in cybersecurity with 5+ years leading enterprise security programs or functions; proven leadership in high-growth or highly regulated environments.
Demonstrated success designing and operating security programs aligned to leading frameworks and sustaining regulatory compliance and audit readiness.
Expert ability to identify, prioritize, and communicate risk; proven track record translating complex technical concepts into actionable insights and decisions for executive, Board, and technical audiences.
Strong cross-functional leadership and collaboration skills; experienced at influencing product, engineering, IT, legal, compliance, and operations stakeholders.
Advanced knowledge across core security domains: endpoint protection, monitoring/telemetry, DLP, IAM/zero trust, vulnerability/patch management, incident response, cloud and infrastructure security, authentication/authorization, and sensitive data protection.
Experience leading incident response, resiliency programs, and crisis management, including executive and Board-level reporting.
The Extras
Advanced certifications such as CISSP, CISM, CISA, CCSP, or comparable.
Familiarity with secure SDLC practices, threat modeling, and penetration testing at scale.
Experience leading or supporting SOC examinations and financial services regulatory compliance.
Commitment to continuous learning; up to date on evolving threats, trends, and innovations.
Leadership Competencies
Strategic thinking with the ability to set vision and drive measurable outcomes.
Executive communication and Board reporting; crisp, decision-oriented storytelling.
Talent builder who develops high-performing teams and scalable operating models.
Bias for partnership and execution; balances risk reduction with business velocity.
Salary & Benefits Expected base salary range: $200 K–$250 K. This position is eligible to participate in the Company Bonus Pool and receive new-hire equity. Competitive health coverage, generous vacation, hybrid office policy with Midtown Manhattan locations, and a robust 401(k) plan.
Process We prioritize transparency and lack of surprise throughout the process. Candidates will connect with team members through 1–2 conversations about Vestwell and your experience. Next steps may include a skill or experience screen, followed by virtual or in-person panel interviews. We conclude with a references check stage. Please only receive correspondence from recruiting@vestwell.com; any other domain not ending in vestwell.com is not our Recruitment team.
Key Information
Seniority level: Executive
Employment type: Full-time
Job function: Information Technology
Referrals Referrals increase your chances of interviewing at Vestwell by 2x.
#J-18808-Ljbffr