Cybersecurity Lead
We’re looking for a Cybersecurity Lead with broad security experience to build out and mature the Information Security Program at a rapidly growing FinTech startup. The Cybersecurity Lead will have knowledge of industry best practices as well as modern solutions, and will be a proactive hands-on leader who will collaborate with the rest of the organization to help Ocrolus manage cybersecurity risk. We need someone with a strong and successful track record of solving hard problems using out-of-the-box thinking and leveraging modern technologies and solutions to support the program.
Responsibilities
- Mature the Information Security Program to align with industry best practices, standards and guidance related to cybersecurity such as NIST (including CSF, 800-53), ISO 270xx, CSA, AICPA SOC 2, 23 NYCRR, FINRA, FFIEC
- Design and implement best-in-class scalable security solutions in close collaboration with the Engineering organization
- Promote secure design of systems and infrastructure in line with industry standards and best practices (including OWASP, CIS) including application of secure coding practices across the engineering organization, conducting security reviews of new features, leveraging industry tooling to automate and improve the security review
- Continue to evolve the vulnerability management program, monitor systems for vulnerabilities and address them based on criticality
- Monitor and respond to threats and potential security incidents
Requirements
- Proven experience implementing an Information Security Program aligned with NIST 800-53, NIST CSF, ISO 270xx, 23 NYCRR, FINRA, CSA, AICPA SOC 2 (NIST and ISO listed at a minimum)
- Practical experience designing and implementing cloud security solutions within an AWS environment
- Practical knowledge of secure coding practices (including OWASP, CIS)
- Experience working with cybersecurity vendors for security assessments
- Hands on experience provisioning, configuring and securing systems and applications
- Experience in Financial Services, FinTech or similar highly regulated industry a plus
- Minimum 5-10 years of experience in an information security/cybersecurity senior role
- Being a strong problem-solver with good communication and collaboration skills
- Being flexible, a self-starter, and a fast-learner
*Remote optional until the end of the year due to COVID-19
We’re a young and rapidly growing FinTech company - if you have ever wanted to jump on a rocket ship as it’s taking off, now is your chance!