We’re looking for a VP of Security Engineering to build out and mature the Information Security Program at a rapidly growing FinTech startup. The ideal candidate will have knowledge of industry best practices as well as modern technology solutions and will be a proactive hands-on leader who will collaborate with the rest of the organization to help Ocrolus manage cybersecurity risk. We need someone with a strong and successful track record of solving hard problems using out-of-the-box thinking and leveraging modern technologies and solutions to support the program. This candidate will also represent us in all client contexts around Security, and promotion to full CISO status is available for the right candidate.
Ocrolus is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
- Recruit, develop, and retain a talented group of information security professionals for our security engineering function.
- Design and implement best-in-class scalable security solutions in close collaboration with the Engineering organization
- Promote secure design of systems and infrastructure in line with industry standards and best practices (including OWASP, CIS); this includes applying secure coding practices across the engineering organization, overseeing security reviews of new features, and leveraging industry tooling to automate and improve the security review
- Continue to evolve the vulnerability management program, monitor systems for vulnerabilities, and address them based on the criticality
- Monitor and respond to threats and potential security incidents
- Mature the Information Security Program to align with industry best practices, standards, and guidance related to cybersecurity such as NIST (including CSF, 800-53), ISO 270xx, AICPA SOC 2
- A minimum of 10 years of experience in the network/security engineering and/or security areas with at least 7 years of direct people management experience.
- Practical experience designing and implementing cloud security solutions within an AWS environment
- Practical knowledge of secure coding practices (including OWASP, CIS)
- Hands-on experience provisioning, configuring and securing systems and applications
- Demonstrated expertise and experience with advanced and 0-day threats, intrusions, malware infection, packet analysis
- Experience in Financial Services, FinTech, or similar highly regulated industry a plus
- Proven experience implementing an Information Security Program aligned with NIST 800-53, NIST CSF, ISO 270xx, AICPA SOC 2 (NIST and ISO listed at a minimum)
- Proven strong communication skills
- Certifications in CISSP, CCSP, CCIE-Security, or CEH highly desirable
- Familiarity with DevOps principles and practices
- Demonstrated thought leadership in the global Cyber Security community through talks, panel participation, blogs, podcasts, etc.