Vestwell · 2 weeks ago
Chief Information Security Officer
Vestwell is a financial technology company based in New York City that is redefining how people save for critical aspects of life. They are seeking a Chief Information Security Officer (CISO) to lead their enterprise-wide security strategy, focusing on building a high-performing security organization and maturing their security programs in alignment with regulatory requirements.
Employee Benefits, Finance, Financial Services, FinTech, Retirement
Responsibilities
Own the enterprise information security vision, multi-year strategy, roadmap, and governance model that align to Vestwell’s business goals and growth
Build, lead, and develop a high-performing security organization; attract and mentor top talent and scale operating models and processes to meet Vestwell’s future needs
Evaluate current security technologies and capabilities (e.g., endpoint protection, monitoring/telemetry, DLP, IAM/zero trust, secret management, vulnerability and patch management) and recommend any changes or additions needed to elevate Vestwell’s security posture
Build and mature a comprehensive security program grounded in recognized frameworks (e.g., NIST, ISO 27001, CIS Controls), including policy architecture, control implementation, and continuous improvement and audit readiness
Establish and operationalize key cybersecurity metrics and KRIs/KPIs; provide concise, decision-oriented reporting to executive leadership and key stakeholders
Champion a security-first culture via company-wide awareness, training, and targeted education (e.g., phishing exercises), and ensure policies are well-understood and adopted
Drive secure-by-design practices across product and engineering (e.g., SDLC, threat modeling, code scanning, penetration testing, cloud/infrastructure hardening) and partner closely with IT, Legal, Compliance, and Operations to safeguard PII and sensitive data
Lead security incident management, including strategy, readiness, tabletop exercises, detection/response, crisis communications, lessons-learned, and executive/Board reporting; ensure tight alignment with business continuity and disaster recovery
Serve as the technical owner for cyber risk: define risk appetite/tolerances in partnership with executive leadership, establish risk assessment and reporting cadences, and present security posture, investments, and material risks to the CTO and the executive leadership
Qualification
Required
10+ years of progressive experience in cybersecurity with 5+ years leading enterprise security programs or functions; proven leadership in high-growth or highly regulated environments
Demonstrated success designing and operating security programs aligned to leading frameworks and sustaining regulatory compliance and audit readiness
Expert ability to identify, prioritize, and communicate risk; proven track record translating complex technical concepts into actionable insights and decisions for executive, Board, and technical audiences
Strong cross-functional leadership and collaboration skills; experienced at influencing product, engineering, IT, legal, compliance, and operations stakeholders
Advanced knowledge across core security domains: endpoint protection, monitoring/telemetry, DLP, IAM/zero trust, vulnerability/patch management, incident response, cloud and infrastructure security, authentication/authorization, and sensitive data protection
Experience leading incident response, resiliency programs, and crisis management, including executive and Board-level reporting
Preferred
Advanced certifications such as CISSP, CISM, CISA, CCSP, or comparable
Familiarity with secure SDLC practices, threat modeling, and penetration testing at scale
Experience leading or supporting SOC examinations and financial services regulatory compliance
Commitment to continuous learning; up to date on evolving threats, trends, and innovations
Benefits
Competitive health coverage
Generous vacation offering
401(k) plan
Company
Vestwell
Vestwell is the backbone of the modern savings economy; a fintech company powering savings for retirement, education, and healthcare.
H1B Sponsorship
Vestwell has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (4)
2024 (3)
2023 (5)
2022 (3)
2021 (3)
2020 (2)
Funding
Current Stage: Late Stage
Total Funding: $238.82M
Key Investors: Lightspeed Venture Partners, Goldman Sachs Growth Equity, F-Prime
2023-12-21 Series D · $125M
2021-07-20 Series C · $70M
2019-04-02 Series B · $31.27M
Company data provided by crunchbase