Deputy Chief Information Security Officer (CISO) - Varo Bank US Remote

Listing Description

The Deputy Chief Information Security Officer (CISO) reports to the Chief Operational Risk Officer (CORO) and works closely with the CORO, the Chief Risk Officer (CRO), Varo’s executive leadership (e.g., the CTO), and business partners to protect the confidentiality, integrity and availability of customers’ information and financial assets. The Deputy CISO is responsible for overseeing the design, implementation, monitoring, and governance of Varo’s information security framework. With the CORO, you’ll build an accountable, information security-conscious culture and an information security program built on high-quality standards and controls that are regularly tested and reported and that meet regulatory expectations for a bank. The Deputy CISO will be a thought leader in financial crimes prevention and management, and work in close partnership with their Fraud, Operations and BSA/AML Risk colleagues.

What you'll be doing
  • Manage the second line information security function by performing credible challenge of first line programs and driving oversight, governance, and reporting
  • In partnership with IT, develop, maintain, and publish up-to-date information security policies, procedures, standards, controls, and guidelines
  • Lead the training and dissemination of such policies, procedures, standards, controls, and guidelines
  • With the CRO and CORO, develop and oversee the monitoring and continuous improvement of a risk-based enterprise security program across all cyber-security risk domains including cyber risk management, threat intelligence, cybersecurity controls, external dependency management, cyber incident management, and resilience
  • Partner with Fraud and Anti-Money Laundering teams to develop a holistic financial crimes program for Varo that is innovative and powerful in its ability to detect and prevent illegal activity and to protect our customers
  • Partner closely with the Privacy Officer to lead and influence around data protection, governance and management practices
  • Conduct risk assessments (e.g., GLBA) and testing with other 2LOD subject matter experts to ensure that appropriate controls are in place and are effective
  • Assist the CRO and CORO in preparing and reporting, at least annually to the Board and quarterly to the Enterprise Risk Committee, progress against remediation plans
  • Assist in the creation and management of information security awareness training programs for all employees and contractors, including role-based training for those with specialized security responsibilities
  • Coordinate information security projects and initiatives together with resources from technology and business line teams
  • Ensure that information security programs are in compliance with relevant laws, regulations, and policies to minimize risk and audit findings
  • Advise the first line during security incidents and events to help protect corporate assets, including intellectual property, data, and Varo’s reputation
  • Be a key member of and assist in the management of Varo’s Crisis Management Team
  • Execute table-top exercises and simulations to prepare participants for their roles in a crisis
  • Balance the protection of information assets with the needs of the business
  • Seamlessly flex between information security strategy and executing day-to-day

You’ll bring the following required skills and experiences
  • Progressive experience in information security with a combination of risk management, information security, and IT-related responsibilities with regulated financial institutions and/or fintech companies, or the equivalent experience in regulatory organizations or consulting services with a concentration in IS/IT disciplines within banking/fintech
  • Bachelor’s Degree required or equivalent work/military experience; graduate study preferred
  • 10+ years of experience in a senior leadership role with increasing levels of responsibilities
  • Experience with information security frameworks. Knowledge of NIST, ISO, SOC 2, PCI, and/or COBIT. Familiarity with the Cyber Security Assessment Tool (CAT) and with IS-related laws, rules, regulations and best practices
  • Experience with third-party service provider due diligence, negotiations, oversight, and monitoring
  • Ability to establish the foundational success factors of a small, remote, and diverse team
  • Proven track record and experience in developing information security policies and procedures as well as successfully executing programs that meet excellence objectives in a dynamic environment
  • Thorough understanding of IT operations and the role and impact of information security on these operations
  • One or more of the following professional certifications: CISSP, CISM, CERT, CISA, etc.
  • Experience in communicating (formal/written and in person) and collaborating with senior Executives and Regulators, and fostering production partnerships with all 


