Head of Information Security (CISO)

We’re looking for a detail-oriented problem-solver, collaborative relationship-builder, and expert cybersecurity leader to join our Risk & Compliance team as the Head of Information Security (CISO).

You will be the senior-most leader responsible for defining, implementing, and overseeing our enterprise-wide information security and risk management strategy. This is a critical leadership position that requires a strong balance of technical expertise, business acumen, and regulatory knowledge, particularly within the highly regulated financial services sector. You will report directly to the CTO and serve as a key advisor to the executive team and Board of Directors on all matters related to cyber risk.

• Develop, own, and continually refine the comprehensive Information Security and Cyber Risk Management strategy and roadmap for the company, aligning it with business goals and regulatory requirements.
• Lead, mentor, and scale a high-performing security organization, fostering a culture of security-first thinking across all departments.
• Manage the security budget, technology investments, and vendor relationships to ensure cost-effective and robust security controls.

• Establish and maintain an enterprise-wide risk management framework to identify, assess, and prioritize security risks across the technology stack and business operations.
• Ensure rigorous compliance with all relevant financial regulations and standards (e.g., PCI DSS, SOC 2, ISO 27001, CCPA, CSF/NIST, and any specific regional financial regulatory bodies).
• Oversee all security audits, compliance assessments, and regulatory examinations, and manage the timely remediation of findings.
• Collaborate with the legal, compliance and privacy functions to conduct reviews/audits, RFPs, recommend policies and procedures, monitor status and report violations to appropriate management.

• Define and govern the security architecture for our cloud-native environment [AWS/GCP].
• Implement and manage a robust set of security tools and technologies (SIEM, Endpoint Detection & Response, Vulnerability Scanners, Firewalls, Data Loss Prevention, etc.).
• Champion DevSecOps principles, partnering closely with Engineering to embed security controls (SAST, DAST, SCA) into the CI/CD pipeline and Software Development Lifecycle (SDLC).
• Oversee all aspects of data protection, identity and access management (IAM), and network security.

• Develop, test, and lead the Security Incident Response Plan (SIRP), ensuring the team can rapidly detect, contain, and recover from security incidents.
• Manage the Disaster Recovery (DR) and Business Continuity Plan (BCP) efforts to ensure business resilience.

• Provide clear, concise, and regular reporting on the organization's security posture, key risks, and security metrics to the Executive Team and Board of Directors.
• Serve as the key security subject matter expert across the organization to implement changes and best practices to continuously improve the security posture of the enterprise.  
• Represent the organization with external stakeholders to confidently articulate our security controls.

• 5 - 10 years of progressive experience in Information Security and Cyber Risk Management, with at least 3-5 years in a senior leadership role (Director, VP, or CISO).
• Demonstrable experience working within the Fintech or a closely regulated financial services industry is required.
• Deep expertise in regulatory frameworks relevant to financial data (PCI DSS, ISO 27001, SOC 2, or similar).
• Proven hands-on experience securing modern, cloud-native environments (e.g., AWS, GCP).
• Exceptional leadership, communication, and interpersonal skills, with the ability to influence technical teams, executive management, and external stakeholders.
• Bachelor's degree in Computer Science, Information Technology, or a related field.

• Advanced degree (e.g., Master's in a relevant field or MBA).
• Relevant professional certifications (e.g., CISSP, CISM, CRISC, CISA).
• Experience with advanced security techniques such as offensive security/penetration testing and threat intelligence.
• Familiarity with securing high-velocity workflows and microservices architecture.

Mission Lane is an equal opportunity employer. We do not discriminate on the basis of race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, genetic information, or any other protected status. 

Mission Lane provides reasonable accommodations to applicants who need them for medical or religious reasons, as required by law.  Applicants can initiate an accommodation request by contacting peopleexperience@missionlane.com.

Mission Lane is not sponsoring new applicant employment authorization and please, no third-party recruiters.

Our cardholders trust us with their financial well-being, and this trust starts with the integrity of the people on our team. We're looking for team members who share our dedication to transparency and truth. Please verify that the information in your application is accurate and complete. 

Providing any information to Mission Lane that is not completely truthful at any point during the application or hiring process may result in removal from the hiring process, disqualification from future opportunities, withdrawal of an offer or other sanctions for candidates and, in addition for employees, disciplinary action, up to and including termination of employment.