Skip to content
RainRainNew York, NY

CISO

Owns security governance, risk, and compliance strategy with focus on ISO 27001 certification and regulatory readiness in a fintech environment. Partners with engineering and leadership to implement controls, manage audits, and report risks; requires 8-12+ years in security leadership.

Salary not listed
Hybrid8+ YOESecurity Engineering

About the role

Responsibilities

  • Own and drive Rain’s information security and compliance strategy, with a primary focus on ISO 27001 (and related standards) readiness, certification, and ongoing maintenance.
  • Serve as the executive owner for security compliance programs (e.g., ISO 27001, SOC 2, vendor risk, customer security reviews).
  • Design, implement, and continuously improve Rain’s security governance framework, including policies, standards, and risk management processes.
  • Partner closely with Engineering, Infrastructure, Product, Legal, and Operations to embed compliance and security requirements into technical and business workflows.
  • Lead and manage external audits, certifications, and assessments, acting as the primary point of contact for auditors and assessors.
  • Translate regulatory, customer, and partner security requirements into practical, scalable controls that align with Rain’s architecture and operating model.
  • Own the risk management lifecycle, including risk identification, assessment, prioritization, and executive reporting.
  • Establish and track security and compliance metrics, reporting posture, progress, and risk to executive leadership and the board as needed.
  • Oversee incident response governance, ensuring policies, playbooks, and escalation paths meet compliance and regulatory expectations.

Requirements

  • 8–12+ years of experience in information security, GRC, or security leadership roles, with demonstrated ownership of compliance programs.
  • Hands-on experience leading ISO 27001 certification efforts (initial certification and/or ongoing surveillance audits).
  • Experience operating as a security leader in a high-growth, technology-driven company, ideally in fintech, payments, or regulated environments.
  • Strong understanding of security governance, risk management, and control frameworks (ISO 27001/27002, SOC 2, NIST, etc.).
  • Proven ability to partner effectively with engineering and technical teams to implement controls in cloud-native and application-driven environments.
  • Experience managing third-party risk, customer security questionnaires, and enterprise security reviews.
  • Ability to clearly communicate risk, tradeoffs, and priorities to executives and non-technical stakeholders.

Nice to Haves

  • Experience with additional frameworks such as SOC 2 Type II, PCI DSS, ISO 22301, or regional regulatory requirements.
  • Prior experience acting as a first or early security leader at a scaling company.
  • Familiarity with cloud security and modern application architectures, even if not hands-on day-to-day.
  • Experience supporting global customers or international compliance requirements.
  • Security or compliance certifications (e.g., CISSP, CISM, ISO 27001 Lead Implementer / Auditor).
  • Experience presenting security posture or risk assessments to boards or executive committees.

Skills

ISO 27001Iso 27002SOC 2NistGRCCloud SecurityRisk ManagementIncident ResponsePci DssCisspCism
Mercury

Deputy Chief Information Security Officer - Bank

MercurySan Francisco, CA +2

The Deputy Chief Information Security Officer will be the operating second to the CISO, owning the bank-entity scope of Mercury's 2LOD Information Security program. This role focuses on building and defending the program, ensuring examiner readiness, and leading remediation efforts for FFIEC IT control deficiencies.

243k – 354k/yr
Remote8+ YOESecurity Engineering
Sardine

Deputy Chief Information Security Officer

SardineUnited States

The Deputy Chief Information Security Officer will partner with the CISO to scale the security program, operating across application security, GRC, security operations, and cloud security. This senior leader will identify high-risk areas, support compliance initiatives, and represent the security program to internal and external stakeholders.

235k – 270k/yr
Remote10+ YOESecurity Engineering
Lumafield

Chief Information Security Officer (CISO)

LumafieldSan Francisco, CA

Leads end-to-end information security including cloud architecture, product security, compliance (SOC 2, ISO 27001, ITAR), and incident response for a high-growth industrial tech company. Requires 10+ years experience with 3+ in senior leadership and deep AWS/cloud expertise.

180k – 220k/yr
On-site10+ YOESecurity Engineering
Vanta

Field Chief Information Security Officer (Field CISO)

VantaUnited States

Acts as customer-facing security leader and trusted advisor, supporting sales in enterprise deals, leading C-suite briefings, and influencing product roadmap. Requires 10+ years security leadership, compliance expertise, and strong communication skills.

398k – 468k/yr
Remote10+ YOESecurity Engineering
Huntress

Vice President, Threat Detection & Response

HuntressUnited States

Lead the Threat Detection & Response organization including SOC, detection engineering, and threat hunting teams. Drive strategy for an agentic SOC model, build leadership bench, and own security outcomes tied to business metrics.

250k – 320k/yr
Remote10+ YOESecurity Engineering