Apply on Employer Site

Peach · 1 month ago

Fractional CISO

United States

Full-time

Remote

Senior Level

7+ years exp

Peach is a modern loan management and servicing platform empowering lenders to launch and scale new lending programs. The role involves leading and implementing the information security program, overseeing security architecture and compliance, and managing security operations.

Financial ServicesFinTechLendingSaaS

No H1B

U.S. Citizen Only

Responsibilities

Assess and identify security controls for sensitive and regulated data; refine and oversee compliance programs aligned with regulatory and international standards (e.g., ISO27001, SOC2)

Prepare and present accurate and timely information in response to audits and inquiries; institutes a proactive culture to align activities and measurement with internal policy and regulatory requirements

Develop and drive implementation of a short and long term security strategy and goals in alignment with Peach's business objectives and culture

Oversee information security in enterprise IT infrastructure and in deployment and management of enterprise applications

Secure operations involving Engineering, and development operations, requiring connectivity and integration with third party partners

Responsible for the 24 x 7 x 365 Security Operations Center and accountable for availability of global security systems including monitoring, vulnerability management and other information protection capabilities

Perform gap analysis of current state versus industry best practices

Act as a Subject Matter Expert ('SME') and liaison for all InfoSec teams during discussions on technical architecture and design reviews; provides input, feedback, advice, and guidance

Manage communications with security leaders from clients and partner organizations

Oversee management of information security tools, contracts, documentation, standards, and processes to ensure an operating environment that is sound, sustainable, and compliant with company policies and requirements

Identify and classify risks related to new implementations or existing infrastructure and application solutions and provision of guidance for remediation

Establish and enhance Policies and Procedures to ensure the following of security best practices and compliance

Evolve Peach's capability to monitor threats and vulnerabilities as well as detect, investigate, respond to, and recover from incidents

Qualification

Information Security ManagementSecurity ArchitectureRisk ManagementCompliance StandardsCloud SecurityIncident ManagementCybersecurity LeadershipCommunicationProblem SolvingOrganizational Skills

Required

7+ years of enterprise information security or relevant technology experience

2+ years experience leading a team of InfoSec/cybersecurity professionals

A breadth of hands-on and senior leadership experience in security, engineering, or IT management

In-depth understanding and management of global information security, and security technologies such as intrusion detection and content filtering, threat patterns, security architecture, application architecture, and compliance criteria

Thorough understanding of SDLC and Application Security Policies, Design and Documentation

Ability to communicate, interpret Infosec and playback requirements to a non-technical security team (ie non-functional requirements)

Thorough understanding of Risk Management principles (Risk Register, Cyber risks etc)

Fundamental understanding of Incident Management and Security Operations

Experience with cryptography, ethical hacking, computer forensics, information assurance, and intrusion detection and prevention methodologies

Experience securing and navigating cloud platforms, such as GCP or AWS platforms

Knowledge of common operating systems (e.g. Windows, Mac OS, etc.), endpoint security principles, networking services and protocols; understanding of security technologies (IDS, firewalls, SIEM), cloud security monitoring technologies and the desire to remain technically hands-on, but also operate on a strategic level

Excellent communication skills, especially the ability to communicate security and risk-related concepts to technical and non-technical audiences

Ability to understand the business context and technology challenges and handle uncertainty and apply appropriate security solutions in response to multiple risks and needs

Deep knowledge of relevant security and compliance frameworks, standards, and regulations (such as SOC2, NIST, COBIT, ISO270xx)

Exceptional interpersonal, oral, and written communication skills. Capable of listening and obtaining clarification, changing approach or method to best fit the situation. Able to effectively partner with cross-functional teams to coordinate activities and accomplish goals

Ability to clearly and succinctly communicate verbally and in writing, translating technical jargon to correspond with the audience's knowledge and understanding

Strong organizational skills, ability to coordinate multiple tasks and support projects of varying complexity concurrently

Established history of taking a thoughtful action-oriented approach for meeting the demands of multiple internal customer groups and operational needs

Natural problem solver; analytical and oriented towards diagnosis and remediation

Creative and proactive thinker; can employ a user mindset and generate solutions and proactive recommendations for optimal end user experience