SSUSA Job #887: Head of Security and Compliance

Job Description


One of our NYC-based fintech companies is seeking someone who will be responsible for the information risk management program and for the mindset of the information security program that is so important to our success. You will be responsible for establishing and maintaining the information security program across the enterprise to ensure that information assets, technology, applications, infrastructure and processes are protected.


Information Security

·       Ensure continuous compliance with ISO 27001 & SOC 2 Type II

·       Develop and maintain a strategy to enhance security while staying within budget and controlling costs

·       Ensure information security-related legal & contractual requirements are met

·       Manage day-to-day activities for information assets & access management

·       Perform regular measurements to assess conformance to the ISO 27001 standard

·       Ensure compliance in vulnerability management by overseeing and controlling static and dynamic application and environment scans (Tenable, Veracode, WhiteSource)

·       Manage annual pentests, BCP & data breach activities

·       Ensure all security issues are groomed, prioritized, tested and deployed as part of the Agile Scrum SDLC

·       Conduct risk reviews and annual internal & external audits

·       Ensure 3rd-party contractor compliance with policies and processes

·       Manage access security of users to Atlassian Suite (JIRA, Confluence, BitBucket)



·       Maintain and build upon current global privacy program

·       Develop, implement and maintain privacy policies and procedures in accordance with applicable law

·       Oversee response to regulatory inquiries relating to privacy including data subject access requests

·       Partner with the business to implement a control environment for products and solutions that complies with regulatory obligations, including privacy by design

·       Conduct privacy risk assessments

·       Guide the development teams in their efforts toward privacy by design


Customer Compliance and Security

·       Lead Third Party Oversight (TPO) efforts in coordination with the DevOps team

·       Manage TPO audits with customers and provide status to customers as necessary

·       Manage deadlines for TPO findings and resolutions

·       Identify projects and collaborate with Development, QA, Product and DevOps teams to ensure delivery

·       Review all privacy matters in customer and vendor contracts

·       Own the responses to the privacy and security portions of customer RFPs


Training

·       Ensure that staff are properly trained on information security and privacy compliance matters and that training fits within an approved budget

·       Ensure training compliance company-wide and within the ISMS team


Required Skills and Experience:

·       Bachelor’s degree in Computer Science or related field required

·       5-7 years of experience in risk management, information security, IT and privacy

·       Strong knowledge of information security best practices, standards and frameworks such as ISO/IEC 27000, PCI, HIPAA

·       Proven track record and experience in developing information security policies and procedures, ideally in a fintech environment

·       Strong understanding of various technologies and their application in financial services and communications, such as network infrastructure and protocols, voice technology, WebRTC and AWS

·       Knowledge of GDPR, CCPA, PDPC, the SHIELD Act and related privacy regulatory regimes

·       Knowledge of AWS products and architecture

·       Knowledge of SIEM data collection best practices

·       CISSP, CAP, or CISA certification is a plus


Job Location
New York City

Position Type