Cybersecurity Lead
Who We Are:
Ocrolus is a Series B venture-backed FinTech company that uses Artificial Intelligence and crowdsourcing to automate financial review processes. The Company transforms e-statements, scans, and cell phone images, regardless of quality, into 99+% accurate digital data. By replacing tedious, imperfect human audits with sharp, AI-driven analyses, Ocrolus modernizes financial assessments in lending and a variety of other industries.
We’re looking for a Cybersecurity Lead with broad security experience to build out and mature the Information Security Program at a rapidly growing FinTech startup. The Cybersecurity Lead will have knowledge of industry best practices as well as modern solutions, and will be a proactive hands-on leader who will collaborate with the rest of the organization to help Ocrolus manage cybersecurity risk. We need someone with a strong and successful track record of solving hard problems using out-of-the-box thinking and leveraging modern technologies and solutions to support the program.
Responsibilities
- Mature the Information Security Program to align with industry best practices, standards and guidance related to cybersecurity such as NIST (including CSF, 800-53), ISO 270xx, CSA, AICPA SOC 2, 23 NYCRR, FINRA, FFIEC
- Design and implement best-in-class scalable security solutions in close collaboration with the Engineering organization
- Promote secure design of systems and infrastructure in line with industry standards and best practices (including OWASP, CIS): apply secure coding practices across the engineering organization, conduct security reviews of new features, and leverage industry tooling to automate and improve the security review
- Continue to evolve the vulnerability management program, monitor systems for vulnerabilities and address them based on criticality
- Monitor and respond to threats and potential security incidents
Requirements
- Proven experience implementing an Information Security Program aligned with NIST 800-53, NIST CSF, ISO 270xx, 23 NYCRR, FINRA, CSA, AICPA SOC 2 (NIST and ISO listed at a minimum)
- Practical experience designing and implementing cloud security solutions within an AWS environment
- Practical knowledge of secure coding practices (including OWASP, CIS)
- Experience working with cybersecurity vendors for security assessments
- Hands-on experience provisioning, configuring and securing systems and applications
- Experience in Financial Services, FinTech or a similar highly regulated industry is a plus
- Minimum 5-10 years of experience in an information security/cybersecurity senior role
- Being a strong problem-solver with good communication and collaboration skills
- Being flexible, a self-starter, and a fast-learner
Extra Credit
- Contributions to OSS / GitHub profile
- Familiarity with process and security related certifications such as SSAE 18 and SOC 2
- Familiarity with network optimization and security practices
- Familiarity with DevOps principles and practices
We’re a young and rapidly growing FinTech company - if you have ever wanted to jump on a rocket ship as it’s taking off, now is your chance!