# CISO

**Company:** [Rain](https://hotfix.jobs/companies/rain)
**Location:** New York, NY
**Role:** Security Engineering
**Experience:** 8+ years
**Skills:** ISO 27001, Iso 27002, SOC 2, Nist, GRC, Cloud Security, Risk Management, Incident Response, Pci Dss, Cissp, Cism
**Posted:** 2026-01-15

> Owns security governance, risk, and compliance strategy with focus on ISO 27001 certification and regulatory readiness in a fintech environment. Partners with engineering and leadership to implement controls, manage audits, and report risks; requires 8-12+ years in security leadership.

## Job Description

## Responsibilities
- Own and drive Rain’s information security and compliance strategy, with a primary focus on ISO 27001 (and related standards) readiness, certification, and ongoing maintenance.
- Serve as the executive owner for security compliance programs (e.g., ISO 27001, SOC 2, vendor risk, customer security reviews).
- Design, implement, and continuously improve Rain’s security governance framework, including policies, standards, and risk management processes.
- Partner closely with Engineering, Infrastructure, Product, Legal, and Operations to embed compliance and security requirements into technical and business workflows.
- Lead and manage external audits, certifications, and assessments, acting as the primary point of contact for auditors and assessors.
- Translate regulatory, customer, and partner security requirements into practical, scalable controls that align with Rain’s architecture and operating model.
- Own the risk management lifecycle, including risk identification, assessment, prioritization, and executive reporting.
- Establish and track security and compliance metrics, reporting posture, progress, and risk to executive leadership and the board as needed.
- Oversee incident response governance, ensuring policies, playbooks, and escalation paths meet compliance and regulatory expectations.

## Requirements
- 8–12+ years of experience in information security, GRC, or security leadership roles, with demonstrated ownership of compliance programs.
- Hands-on experience leading ISO 27001 certification efforts (initial certification and/or ongoing surveillance audits).
- Experience operating as a security leader in a high-growth, technology-driven company, ideally in fintech, payments, or regulated environments.
- Strong understanding of security governance, risk management, and control frameworks (**ISO 27001/27002**, **SOC 2**, **NIST**, etc.).
- Proven ability to partner effectively with engineering and technical teams to implement controls in cloud-native and application-driven environments.
- Experience managing third-party risk, customer security questionnaires, and enterprise security reviews.
- Ability to clearly communicate risk, tradeoffs, and priorities to executives and non-technical stakeholders.

## Nice to Haves
- Experience with additional frameworks such as **SOC 2 Type II**, **PCI DSS**, **ISO 22301**, or regional regulatory requirements.
- Prior experience acting as a first or early security leader at a scaling company.
- Familiarity with cloud security and modern application architectures, even if not hands-on day-to-day.
- Experience supporting global customers or international compliance requirements.
- Security or compliance certifications (e.g., **CISSP**, **CISM**, **ISO 27001 Lead Implementer / Auditor**).
- Experience presenting security posture or risk assessments to boards or executive committees.

## Similar roles

- [Deputy Chief Information Security Officer - Bank](https://hotfix.jobs/jobs/3bc34b06-6d6f-4d10-9324-3fca94d42bf4) - Mercury - Remote - $243k – $354k/yr
- [Deputy Chief Information Security Officer](https://hotfix.jobs/jobs/24e62da1-85df-44cf-b597-303e737d30b5) - Sardine - Remote - $235k – $270k/yr
- [Chief Information Security Officer (CISO)](https://hotfix.jobs/jobs/f68f990e-6665-40ff-84a9-beb24f7f62c0) - Lumafield - San Francisco, CA - $180k – $220k/yr
- [Field Chief Information Security Officer (Field CISO)](https://hotfix.jobs/jobs/28eef70a-a594-42ea-bc4f-94aec1b44fa8) - Vanta - Remote - $398k – $468k/yr
- [Vice President, Threat Detection & Response](https://hotfix.jobs/jobs/532afb42-1f32-4a55-950e-294a22defd85) - Huntress - Remote - $250k – $320k/yr

**Apply:** https://hotfix.jobs/jobs/7c1a93bb-d143-4297-af9e-3d1d6a42085a
**Canonical:** https://hotfix.jobs/jobs/7c1a93bb-d143-4297-af9e-3d1d6a42085a