Jobs · Information Technology

Director, Information Technology & Security

Affirm · Atlanta, GA · 1 wk ago
RemoteRemoteInformation Technology$300k–$360k/yrFull-time

About the role

The Chief Information Security Officer (CISO) will serve as a key member of the Bank’s Executive Management Team and will be responsible for establishing and leading Bank’s information security and cybersecurity programs. As the Bank prepares to launch as a de novo Industrial Loan Company (ILC), the CISO will design and implement an enterprise-wide security framework that meets FDIC and state regulatory expectations, supports the Bank’s risk appetite, and protects customer and institutional data.

Responsibilities

  • Information Security Program Development
    • Design, implement, and maintain a comprehensive Information Security Program consistent with FDIC guidance (e.g., FIL-66-2019, FIL-13-2021) and the Interagency Guidelines Establishing Information Security Standards.
    • Develop and oversee policies, standards, and procedures governing cybersecurity, data protection, and incident response.
    • Ensure alignment with the Bank’s overall risk management and governance frameworks.
    • Provide regular reporting to executive management and the Board on the Bank’s security posture, emerging risks, and mitigation efforts.
  • Cybersecurity and Threat Management
    • Establish and manage a threat monitoring and detection capability to identify, assess, and respond to cybersecurity risks.
    • Oversee implementation of layered security controls (e.g., network segmentation, encryption, access controls, endpoint protection, vulnerability management).
    • Lead the Bank’s Incident Response Program, ensuring timely escalation and coordination with regulators when required.
    • Maintain relationships with information-sharing groups (e.g., FS-ISAC) and law enforcement to stay informed of emerging threats.
  • Third-Party and Affiliate Risk Oversight
    • Evaluate the information security posture of third-party and affiliate service providers in accordance with the Bank’s Vendor Management Program and FDIC third-party risk guidance.
    • Evaluate due diligence, ongoing monitoring, and contractual requirements for vendors handling sensitive data or performing critical services.
    • Coordinate with Operations, Compliance, and Internal Audit to ensure third-party risks are identified, assessed, and mitigated.
  • Data Governance and Privacy Protection
    • Ensure compliance with applicable privacy and data protection requirements (e.g., GLBA, Regulation P, state privacy laws).
    • Implement processes to safeguard customer information and prevent unauthorized access, disclosure, or misuse.
    • Partner with business and technology teams to integrate privacy-by-design principles into new products and services.
  • Business Continuity and Resilience
    • Lead development and testing of the Bank’s Business Continuity and Disaster Recovery (BC/DR) plans, ensuring they are integrated with information security objectives.
    • Coordinate regular testing and simulations to validate readiness for cyber incidents and system disruptions.
    • Support resilience planning for key systems, vendors, and communication protocols.
  • De Novo and Pre-Opening Readiness
    • Build and document the Bank’s information security program as part of the de novo application process.
    • Establish security architecture, monitoring tools, and vendor relationships prior to launch.
    • Prepare readiness materials for FDIC and state examinations related to cybersecurity and operational resilience.
    • Ensure security risk assessments and third-party reviews are completed and incorporated into pre-opening milestones.
  • Leadership and Culture
    • Serve as the Bank’s senior advocate for cybersecurity and data protection, promoting a culture of security awareness and accountability.
    • Provide training and guidance across the organization to enhance information security awareness.
    • Collaborate with peers in Risk, Compliance, Operations, and Technology to align security priorities with business strategy.
    • Build and lead a capable, mission-driven security team to support the Bank’s evolving needs.

Qualifications

  • Minimum of 10 years of information security and technology risk management experience, with at least 5 years in a leadership capacity at a regulated financial institution or Fintech.
  • Demonstrated experience designing and implementing information security programs compliant with FDIC and FFIEC standards.
  • Strong familiarity with third-party risk frameworks and financial services cybersecurity expectations.
  • Experience leading incident response, penetration testing, and security operations in cloud-based and hybrid environments.
  • Proven ability to communicate complex technical topics to executive leadership, the Board, and regulators.
  • Strong leadership, analytical, and problem-solving skills with a risk-based and pragmatic approach to decision-making.

Core Competencies

  • Expert knowledge of information security principles, frameworks, and regulatory requirements.
  • Strategic thinker with strong operational execution and control discipline.
  • Effective communicator capable of influencing across technical and business functions.
  • Collaborative leader who fosters a culture of accountability, awareness, and continuous improvement.

Similar jobs