Chief Information Security Officer (CISO) jobs in United States

Swyfft · 2 months ago

Chief Information Security Officer (CISO)

Swyfft is reshaping the insurance industry with a focus on technology and customer service. They are seeking a Chief Information Security Officer (CISO) to build and manage a robust security compliance program while also engaging in hands-on technical security work, particularly in preparation for NYDFS compliance.

Industry: Insurance · InsurTech · Property Insurance
Growth Opportunities
H1B Sponsor Likely

Responsibilities

Own Swyfft's cybersecurity program end-to-end, including NYDFS compliance
Build and manage our Third-Party Service Provider (TPSP) security governance program (vendor inventory, risk assessments, security questionnaires, ongoing monitoring)
Conduct annual risk assessments and coordinate penetration testing
Create and maintain security policies, incident response plans, and business continuity documentation
Prepare annual board reporting and regulatory certifications
Manage security awareness training program
Coordinate incident reporting to NYDFS when required (72-hour notification window)
Oversee implementation of multi-factor authentication (MFA) across our web platform (currently in planning phase)
Review and improve security architecture for our C#/.NET applications and infrastructure
Work directly with engineering teams on secure development practices and code review for security issues
Manage vulnerability assessments and coordinate remediation with engineering
Design and implement security controls and monitoring capabilities
Evaluate and implement security tooling (SIEM, vulnerability scanning, etc.)
Respond to security incidents and conduct post-incident analysis
Review API security, authentication/authorization patterns, and data protection controls

Qualification

NYDFS compliance · Security program management · Multi-factor authentication (MFA) · C#/.NET security · CISSP/CISM certification · Cloud infrastructure security · Regulatory compliance programs · Web application security · SQL database security · Risk assessments · Incident response · Security awareness training · Vendor management · Technical communication

Required

7-10+ years in information security with a mix of technical and compliance work
Experience with regulatory compliance programs (NYDFS, SOC 2, PCI-DSS, HIPAA, or similar frameworks)
Strong technical background - you should be comfortable reviewing C# code, understanding web application architecture, and discussing database security
Proven track record building security programs, not just maintaining existing ones
Experience working with remote/distributed engineering teams
Excellent written and verbal communication skills (you'll be explaining security decisions to both engineers and executives)
A Bachelor's degree in Computer Science, Computer Engineering, or equivalent work experience is required
You don't need to be a full-stack developer, but you should be able to:
Read and understand C# and TypeScript code well enough to spot security issues
Review system architecture diagrams and identify security concerns
Understand web application security (OWASP Top 10, authentication flows, API security)
Work with SQL databases and understand data protection requirements
Evaluate security tools and integrate them into development workflows
Reliable high-speed internet connectivity required
Designated quiet work from home space

Preferred

Specific experience with NYDFS 23 NYCRR 500 compliance
Background in financial services or insurance industry
Experience implementing authentication systems (OAuth, SAML, MFA)
CISSP, CISM, or similar security certification
Experience with cloud infrastructure security (AWS, Azure, or GCP)

Benefits

Medical, Dental, and Vision
Short- and Long-Term Disability (Company Paid)
Voluntary Long-Term Disability
Employee Life & AD&D (Company Paid)
Voluntary Employee, Spouse, and Child Life & AD&D
Healthcare, Dependent Care and Transit FSA, and Healthcare Savings Account (HSA)
401K with a generous matching contribution and no vesting schedule
20 days of PTO annually (prorated based on hire date)
Company Paid Holidays and 2 “Choose Your Own Holidays”

Company

Swyfft

A simpler way to do home insurance.

H1B Sponsorship

Swyfft has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Chart: Distribution of Different Job Fields Receiving Sponsorship (job fields similar to this one highlighted)
Trends of Total Sponsorships
2024 (1)
2021 (1)

Funding

Current Stage
Growth Stage
Total Funding
$7.5M
2017-01-21Series A· $7.5M

Leadership Team

Kenneth Smith
CTO
Kirk Citsay
Vice President Finance
Company data provided by crunchbase