Open Systems Technologies
A financial firm is looking for a
Chief Information Security Officer (CISO)
to join their team in New York, NY.
Compensation: $150-200K
Responsibilities
Define and maintain the enterprise information security strategy, roadmap, and governance framework, aligned with business objectives and regulatory requirements
Draft, maintain, and periodically review security‑related policies and procedures
Establish and chair/co‑chair an Information Security / Cyber Risk Committee and contribute to Board‑level reporting on cyber risk
Develop and maintain the firm's information security governance framework
Lead the firm's SOC 1 (Type 1/Type 2) and SOC 2 (Type 1/Type 2) readiness and ongoing attestation efforts
Own the control catalog, control testing coordination, evidence collection, and remediation tracking across technology, operations, and third parties
Act as primary security point of contact for external auditors, assessment firms, and key institutional partners
Ensure security program alignment with SEC Regulation S‑P, Reg S‑ID, Reg SCI, SEC / Client cybersecurity expectations, and NYDFS 23 NYCRR 500
Partner with Compliance and Legal to interpret new regulations, assess impact, and implement necessary control and policy changes
Maintain and periodically test the Incident Response Plan, Business Continuity and Disaster Recovery (BC/DR) from a security perspective
Provide security oversight for cloud (AWS) and on‑prem infrastructure, including network security, endpoint security, identity and access management (IAM), and data protection
Work with Infrastructure/DevOps and application teams to embed secure SDLC practices, including code review, security testing, and secure deployment pipelines
Oversee vulnerability management, including patch management processes, penetration testing, and remediation programs
Define and oversee Security Operations Center (SOC)/XDR usage, log management, SIEM, threat detection, and incident handling
Design and enforce data classification, data loss prevention (DLP), encryption, and key management controls
Partner with business and product teams to ensure client data privacy and secure data flows, including with third‑party vendors and partners
Own the vendor security risk management program, including security due diligence, contract security clauses, and ongoing monitoring
Evaluate and manage key security vendors
Build and lead a small but high‑impact security team, scaling capabilities over time
Promote a security‑first culture through training, awareness programs, and regular communication with staff at all levels
Qualifications Required Qualifications
Bachelor's degree in Computer Science, Information Security, Engineering, or related field; or equivalent experience
7+ years of progressive experience in information security, including at least 3 years in a leadership role (Head of Security, Deputy CISO, CISO, or equivalent)
Hands‑on experience leading SOC 1 and/or SOC 2 attestation projects at a financial institution, fintech, or SaaS provider
Strong background in financial services or capital markets (broker‑dealer, clearing firm, trading platform, or similar)
Understanding of Information security frameworks (e.g., NIST CSF, NIST 800‑53, ISO 27001)
Understanding of Regulatory landscape for U.S. financial firms (e.g., SEC, Client, possibly NYDFS 500)
Experience with Identity & access management, network security, endpoint security, and cloud security (preferably AWS)
Experience building and maintaining incident response, BC/DR, and vulnerability/patch management programs
Strong track record of cross‑functional leadership, communicating complex security and risk topics to non‑technical executives and boards
Preferred Qualifications
Experience as CISO, Deputy CISO, or security leader at a broker‑dealer, clearing firm, exchange/ATS, or large fintech
Professional certifications such as CISSP, CISM, CISA, CRISC, CCSP or similar
Experience with AWS security services
Familiarity with DevSecOps practices and secure CI/CD pipelines
Experience managing data localization and cross‑border data separation initiatives
Seniority level Executive
Employment type Full‑time
Job function Information Technology
#J-18808-Ljbffr
Chief Information Security Officer (CISO)
to join their team in New York, NY.
Compensation: $150-200K
Responsibilities
Define and maintain the enterprise information security strategy, roadmap, and governance framework, aligned with business objectives and regulatory requirements
Draft, maintain, and periodically review security‑related policies and procedures
Establish and chair/co‑chair an Information Security / Cyber Risk Committee and contribute to Board‑level reporting on cyber risk
Develop and maintain the firm's information security governance framework
Lead the firm's SOC 1 (Type 1/Type 2) and SOC 2 (Type 1/Type 2) readiness and ongoing attestation efforts
Own the control catalog, control testing coordination, evidence collection, and remediation tracking across technology, operations, and third parties
Act as primary security point of contact for external auditors, assessment firms, and key institutional partners
Ensure security program alignment with SEC Regulation S‑P, Reg S‑ID, Reg SCI, SEC / Client cybersecurity expectations, and NYDFS 23 NYCRR 500
Partner with Compliance and Legal to interpret new regulations, assess impact, and implement necessary control and policy changes
Maintain and periodically test the Incident Response Plan, Business Continuity and Disaster Recovery (BC/DR) from a security perspective
Provide security oversight for cloud (AWS) and on‑prem infrastructure, including network security, endpoint security, identity and access management (IAM), and data protection
Work with Infrastructure/DevOps and application teams to embed secure SDLC practices, including code review, security testing, and secure deployment pipelines
Oversee vulnerability management, including patch management processes, penetration testing, and remediation programs
Define and oversee Security Operations Center (SOC)/XDR usage, log management, SIEM, threat detection, and incident handling
Design and enforce data classification, data loss prevention (DLP), encryption, and key management controls
Partner with business and product teams to ensure client data privacy and secure data flows, including with third‑party vendors and partners
Own the vendor security risk management program, including security due diligence, contract security clauses, and ongoing monitoring
Evaluate and manage key security vendors
Build and lead a small but high‑impact security team, scaling capabilities over time
Promote a security‑first culture through training, awareness programs, and regular communication with staff at all levels
Qualifications Required Qualifications
Bachelor's degree in Computer Science, Information Security, Engineering, or related field; or equivalent experience
7+ years of progressive experience in information security, including at least 3 years in a leadership role (Head of Security, Deputy CISO, CISO, or equivalent)
Hands‑on experience leading SOC 1 and/or SOC 2 attestation projects at a financial institution, fintech, or SaaS provider
Strong background in financial services or capital markets (broker‑dealer, clearing firm, trading platform, or similar)
Understanding of Information security frameworks (e.g., NIST CSF, NIST 800‑53, ISO 27001)
Understanding of Regulatory landscape for U.S. financial firms (e.g., SEC, Client, possibly NYDFS 500)
Experience with Identity & access management, network security, endpoint security, and cloud security (preferably AWS)
Experience building and maintaining incident response, BC/DR, and vulnerability/patch management programs
Strong track record of cross‑functional leadership, communicating complex security and risk topics to non‑technical executives and boards
Preferred Qualifications
Experience as CISO, Deputy CISO, or security leader at a broker‑dealer, clearing firm, exchange/ATS, or large fintech
Professional certifications such as CISSP, CISM, CISA, CRISC, CCSP or similar
Experience with AWS security services
Familiarity with DevSecOps practices and secure CI/CD pipelines
Experience managing data localization and cross‑border data separation initiatives
Seniority level Executive
Employment type Full‑time
Job function Information Technology
#J-18808-Ljbffr