Chief Information Security Officer

About Peach

Peach is a modern loan management and servicing platform empowering lenders to launch and scale new lending programs. We provide a fully integrated, configurable system of record with API-first architecture, enabling lenders to bring products to market quickly while maintaining full compliance and operational efficiency. Peach is a rapidly scaling B2B SaaS platform. We are on a mission to scale to $100M ARR in the next few years. As we enter this next chapter, marketing will play a critical role in shaping our market position, amplifying our voice, and driving accelerated growth.

The Role

We’re looking for a hands on Fractional Chief Information Security Officer that will help us lead, architect and implement and maintain our information security program. Lead our security architecture, cyber planning, define and implement security policies and procedures. Join a small team of experts and make a huge impact on the rapidly growing industry.
‍

What You'll Do

• Assess and identify security controls for sensitive and regulated data; refine and oversee compliance programs aligned with regulatory and international standards (e.g., ISO27001, SOC2).
• Prepare and present accurate and timely information in response to audits and inquiries; institutes a proactive culture to align activities and measurement with internal policy and regulatory requirements.
• Develop and drive implementation of a short and long term security strategy and goals in alignment with Peach's business objectives and culture.
• Oversee information security in enterprise IT infrastructure and in deployment and management of enterprise applications.
• Secure operations involving Engineering, and development operations, requiring connectivity and integration with third party partners.
• Responsible for the 24 x 7 x 365 Security Operations Center and accountable for availability of global security systems including monitoring, vulnerability management and other information protection capabilities.
• Perform gap analysis of current state versus industry best practices.
• Act as a Subject Matter Expert ('SME') and liaison for all InfoSec teams during discussions on technical architecture and design reviews; provides input, feedback, advice, and guidance.
• Manage communications with security leaders from clients and partner organizations.
• Oversee management of information security tools, contracts, documentation, standards, and processes to ensure an operating environment that is sound, sustainable, and compliant with company policies and requirements.
• Identify and classify risks related to new implementations or existing infrastructure and application solutions and provision of guidance for remediation.
• Establish and enhance Policies and Procedures to ensure the following of security best practices and compliance.
• Evolve Peach's capability to monitor threats and vulnerabilities as well as detect, investigate, respond to, and recover from incidents.
  ‍

Who You Are

• 7+ years of enterprise information security or relevant technology experience.
• 2+ years experience leading a team of InfoSec/cybersecurity professionals.A breadth of hands-on and senior leadership experience in security, engineering, or IT management.
• Demonstrated experience owning and passing audits within the finance industry (banking, lending, fintech, etc.)
• In-depth understanding and management of global information security, and security technologies such as intrusion detection and content filtering, threat patterns, security architecture, application architecture, and compliance criteria.
• Thorough understanding of SDLC and Application Security Policies, Design and Documentation.
• Ability to communicate, interpret Infosec and playback requirements to a non-technical security team (ie non-functional requirements).
• Thorough understanding of Risk Management principles (Risk Register, Cyber risks etc).
• Fundamental understanding of Incident Management and Security Operations.
• Experience with cryptography, ethical hacking, computer forensics, information assurance, and intrusion detection and prevention methodologies.
• Experience securing and navigating cloud platforms, such as GCP or AWS platforms.
• Knowledge of common operating systems (e.g. Windows, Mac OS, etc.), endpoint security principles, networking services and protocols; understanding of security technologies (IDS, firewalls, SIEM), cloud security monitoring technologies and the desire to remain technically hands-on, but also operate on a strategic level.
• Excellent communication skills, especially the ability to communicate security and risk-related concepts to technical and non-technical audiences.
• Ability to understand the business context and technology challenges and handle uncertainty and apply appropriate security solutions in response to multiple risks and needs.
• Deep knowledge of relevant security and compliance frameworks, standards, and regulations (such as SOC2, NIST, COBIT, ISO270xx).
• Exceptional interpersonal, oral, and written communication skills. Capable of listening and obtaining clarification, changing approach or method to best fit the situation. Able to effectively partner with cross- functional teams to coordinate activities and accomplish goals.
• Ability to clearly and succinctly communicate verbally and in writing, translating technical jargon to correspond with the audience's knowledge and understanding.
• Strong organizational skills, ability to coordinate multiple tasks and support projects of varying complexity concurrently.
• Established history of taking a thoughtful action-oriented approach for meeting the demands of multiple internal customer groups and operational needs.
• Natural problem solver; analytical and oriented towards diagnosis and remediation.
• Creative and proactive thinker; can employ a user mindset and generate solutions and proactive recommendations for optimal end user experience.

U.S. Work Authorization Statement

Peach is unable to sponsor or take over sponsorship of an employment visa (e.g., H-1B) for this role, now or in the future. All applicants must be currently authorized to work for any employer in the United States on a full-time, permanent, and unrestricted basis.
‍

How to Apply

Note: This is a syndicated job post. Fractional Jobs found it on the web, but we are not working with the client directly, so we don't have control over or knowledge of the application process. To apply, click on the "View Application" button and follow the application's instructions. Let us know how it goes!