Ceres USA · 1 day ago
Chief Information Security Officer (CISO)
Ceres USA Holdings, LLC is a fast-growing, technology-driven annuity carrier startup focused on redefining retirement security. The Chief Information Security Officer (CISO) will establish and lead the enterprise-wide information security and cyber risk program, ensuring security enables innovation and supports the growth of the fintech-enabled insurance startup.
Financial Services · Insurance · Life Insurance
Responsibilities
Define and own Ceres’ information security and cyber risk strategy, aligned with business objectives, digital transformation initiatives, and approved risk appetite
Serve as the executive authority and trusted advisor on information security, cyber risk, and technology resilience to the CEO, Executive Leadership Team, and Board
Build, lead, and scale a modern security organization appropriate for a fintech startup, leveraging internal talent and strategic managed service providers
Enable secure innovation by balancing robust security controls with agility, automation, and rapid product development
Establish and maintain security governance, policies, standards, and procedures aligned with financial services and insurance regulatory requirements
Oversee compliance with applicable laws, regulations, and frameworks relevant to fintech and insurance operations (e.g., SOC 2, GLBA, NYDFS 500, PCI DSS, privacy regulations)
Lead enterprise cyber risk assessments, threat modeling, and control maturity evaluations
Provide clear, actionable cyber risk reporting to executive leadership and the Board
Oversee security operations including monitoring, vulnerability management, penetration testing, and remediation programs
Lead preparation for and response to cyber security incidents, coordinating with Technology, Legal, Risk, Compliance, and Communications teams
Ensure incident response, disaster recovery, and business continuity plans are established, tested, and continuously improved to meet regulatory and business expectations
Partner with Technology and Product leadership to embed security-by-design into cloud platforms, applications, APIs, data pipelines, and fintech integrations
Review and approve security architecture for new platforms, digital products, and material system changes
Ensure strong identity and access management, encryption, data protection, and privacy controls across advisor- and client-facing solutions
Define and lead third-party security and technology risk management programs, particularly for cloud providers, fintech platforms, and outsourced service partners
Assess, onboard, and continuously monitor vendors critical to annuity administration, payments, data, and digital distribution
Partner with Procurement and Legal to ensure contracts reflect appropriate security, resiliency, and regulatory requirements
Foster a strong security-aware culture aligned with Ceres’ mission, values, and client trust
Lead company-wide security awareness and training initiatives tailored to a fintech startup environment
Monitor emerging cyber threats, fintech trends, and regulatory developments to continuously enhance the security posture
Qualification
Required
Bachelor's degree in Computer Science, Information Security, or a related field
10+ years of progressive information security or cyber security experience, with 7+ years in senior leadership roles
Prior experience as a CISO, Deputy CISO, or Head of Security in a fintech, financial services, or high-growth startup environment
Proven ability to engage with C-suite executives and Boards, translating technical risk into business-focused insights
Demonstrated experience designing and executing incident response, disaster recovery, and business continuity programs
Strong expertise in cyber risk management, security operations, managed security service providers, and cloud security
Experience building metrics, dashboards, and reporting for executive and Board-level decision-making
Deep understanding of privacy, security, and financial services regulatory requirements
Exceptional leadership, communication, and collaboration skills with strong business judgment
Knowledge of and experience with privacy and security law issues
Strong collaboration, problem-solving, and analytical skills, paired with sound business judgment and commercial awareness
Knowledge of and hands-on experience with relevant frameworks and regulation
Partner with Procurement and Legal to ensure contracts meet Ceres' security, resiliency, and regulatory requirements
Preferred
Experience scaling security programs in early-stage or rapidly growing fintech organizations
Leadership experience in Identity & Access Management (IAM), Governance, Risk & Compliance (GRC), or product security
Professional certifications such as CISSP, CISM, or equivalent
Benefits
PTO
Health benefits
Career growth opportunities
Company
Ceres USA
Ceres USA is transforming the traditional annuity experience with a solid financial foundation and the leadership of recognized industry innovators, a proprietary all-digital, tech-forward operating platform, and standard-setting service and support for advisors and policyholders.
H1B Sponsorship
Ceres USA has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (7)
2024 (1)
2023 (2)
2020 (1)
Funding
Current Stage
Growth Stage
Company data provided by Crunchbase