Chief Information Security Officer

About Us

Peach is a cloud-native lending technology platform that helps fintechs and traditional financial institutions quickly launch new lending programs. We're the only lending platform built on an Adaptive Core™. We’re looking for a Fractional  Chief Information Security Officer who will help us lead, architect and implement our information security program. Lead our security architecture, cyber planning, define and implement security policies and procedures.
‍

Responsibilities

• Develop and drive implementation of a short and long term security strategy and goals in alignment with Peach's business objectives and culture
• Oversee information security in enterprise IT infrastructure and in deployment and management of enterprise applications
• Secure operations involving Engineering, and development operations, requiring connectivity and integration with third party partners
• Responsible for the 24 x 7 x 365 Security Operations Center and accountable for availability of global security systems including monitoring, vulnerability management and other information protection capabilities
• Perform gap analysis of current state versus industry best practices
• Act as a Subject Matter Expert ('SME') and liaison for all InfoSec teams during discussions on technical architecture and design reviews; provides input, feedback, advice, and guidance
• Manage communications with security leaders from clients and partner organizations
• Prepare and present accurate and timely information in response to audits and inquiries; institutes a proactive culture to align activities and measurement with internal policy and regulatory requirements
• Oversee management of information security tools, contracts, documentation, standards, and processes to ensure an operating environment that is sound, sustainable, and compliant with company policies and requirements
• Identify and classify risks related to new implementations or existing infrastructure and application solutions and provision of guidance for remediation
• Establish and enhance Policies and Procedures to ensure the following of security best practices and compliance
• Assess and identify security controls for sensitive and regulated data; refine and oversee compliance programs aligned with regulatory and international standards (e.g., ISO27001, SOC2)
• Evolve Peach's capability to monitor threats and vulnerabilities as well as detect, investigate, respond to, and recover from incidents
  
  
  

Requirements

• 7+ years of enterprise information security or relevant technology experience
• 2+ years experience leading a team of InfoSec/cybersecurity professionals
• A breadth of hands-on and senior leadership experience in security, engineering, or IT management
• In-depth understanding and management of global information security, and security technologies such as intrusion detection and content filtering, threat patterns, security architecture, application architecture, and compliance criteria
• Thorough understanding of SDLC and Application Security Policies, Design and Documentation
• Ability to communicate, interpret Infosec and playback requirements to a non-technical security team (ie non-functional requirements)
• Thorough understanding of Risk Management principles (Risk Register, Cyber risks etc)
• Fundamental understanding of Incident Management and Security Operations
• Experience with cryptography, ethical hacking, computer forensics, information assurance, and intrusion detection and prevention methodologies
• Experience securing and navigating cloud platforms, such as GCP or AWS platforms
• Knowledge of common operating systems (e.g. Windows, Linux, etc.), endpoint security principles, networking services and protocols; understanding of security technologies (IDS, firewalls, SIEM), cloud security monitoring technologies and the desire to remain technically hands-on, but also operate on a strategic level
• Excellent communication skills, especially the ability to communicate security and risk-related concepts to technical and non-technical audiences
• Ability to understand the business context and technology challenges and handle uncertainty and apply appropriate security solutions in response to multiple risks and needs
• Deep knowledge of relevant security and compliance frameworks, standards, and regulations (such as SOC2, NIST, COBIT, ISO270xx)
• Exceptional interpersonal, oral, and written communication skills. Capable of listening and obtaining clarification, changing approach or method to best fit the situation. Able to effectively partner with cross-functional teams to coordinate activities and accomplish goals
• Ability to clearly and succinctly communicate verbally and in writing, translating technical jargon to correspond with the audience's knowledge and understanding
• Strong organizational skills, ability to coordinate multiple tasks and support projects of varying complexity concurrently
• Established history of taking a thoughtful action-oriented approach for meeting the demands of multiple internal customer groups and operational needs
• Natural problem solver; analytical and oriented towards diagnosis and remediation
• Creative and proactive thinker; can employ a user mindset and generate solutions and proactive recommendations for optimal end user experience
  
  
  

Benefits/Perks

• Work in the East-Bay or remote!
• Be part of the first professionals in a rapidly-growing team
• Shape the overall product and culture
• Full benefits, including healthcare, parking and/or commuter benefit, gym membership, and more
• Small & friendly work environment

‍

How to Apply

Note: This is a syndicated job post, meaning it was not posted to Fractional Jobs directly, so we don't have control over the application process. To apply, click on the "View Application" and follow the application's instructions.

‍