Jobs · Customer Service · Massachusetts

Director of Security Risk Engineering

Flywire · Boston, MA · 1 wk ago
HybridCustomer Service$200k–$210k/yrFull-time

Job Description

The Opportunity: As the Director of Security Risk Engineering, you will serve as a key senior leader working in direct partnership with the CISO to drive, shape, and mature Flywire's global enterprise security infrastructure and systems.

Responsibilities

  • Strategic Domain Leadership: Define, implement, and monitor a comprehensive security engineering strategy across Application Security, AI Security, Cloud Security, Corporate Security, Security Operations (SecOps), and Red Teaming (Penetration Testing), aligning initiatives with global business objectives and emerging financial threats.
  • Team Management & Mentorship: Support the CISO to lead and manage the global security engineering organization, including hiring, training, mentoring, performance management, and budget oversight.
  • Secure Architecture & Governance: Oversee the design and continuous improvement of secure architecture for systems, cloud infrastructure, networks, and applications, ensuring strict alignment with security best practices.
  • Global Cross-Functional Collaboration: Partner with Business, Development, DevOps, Product, Program, Risk/Compliance, and IT leaders to seamlessly integrate security controls into all phases of the engineering and CI/CD lifecycle.
  • Engage actively with external stakeholders, auditors and global regulators on related fronts.
  • Advanced Cyber Risk Efficacy: Leverage AI and automated tooling to develop proactive measures, threat intelligence capabilities, and scalable defenses against vulnerabilities across all engineering domains.
  • Adversarial / Penetration Testing: Personally adopt an attacker's mindset to identify complex attack chains, logic flaws, and zero-day vulnerabilities within financial platforms and product architectures.
  • Incident Response & Operational Resilience: Direct and coordinate responses to critical enterprise security incidents, managing containment, forensic investigation, and rapid remediation efforts alongside SecOps.
  • Regulatory Compliance Frameworks: Maintain an information security framework that ensures continuous readiness for strict industry audits and regulatory compliance requirements globally (e.g., NIST CSF 2.0, ISO 27001, PCI-DSS 4.0, DORA).
  • Executive & Stakeholder Reporting: Define and maintain metrics that communicate security posture, program progress, and incident risk analysis to the CISO, senior executive leadership, and the Board.
  • Innovation & Emerging Tech: Stay ahead of global fintech trends, adopting cutting-edge technologies and methodologies—specifically regarding secure AI deployment—to continuously strengthen the organization's security posture.

Qualifications

  • Education: Bachelor's degree required in Computer Science, Information Security, or a related technical field. A Master's degree is highly preferred.
  • Core Experience: 12+ years of progressive experience in information security, IT risk management, or cyber defense roles. Must be an active technical practitioner with a proven track record of independently performing manual penetration testing, vulnerability exploitation, detection/response activities, and code reviews across cloud and application infrastructures, without relying solely on automated commercial tools.
  • Leadership Experience: 3+ years of proven experience in senior leadership or management roles specifically within a security engineering organization, managing people, cross-functional teams and complex security programs.
  • Domain Mastery: In-depth technical knowledge of security architecture, secure cloud infrastructure (e.g., AWS/Azure/GCP), application security principles, and adversarial emulation (Red Teaming).
  • Highly Preferred Certifications: Core Security: CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager)Governance & Risk: CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or ISACA AAISM™ (Advanced in AI Security Management)Hands-On Offensive & AI: OffSec OSAI (Offensive Security AI Red Teamer), OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), or SANS GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)

Additional Information

What We Offer: Competitive compensationEmployee Stock Purchase Plan (ESPP)Competitive time off, including Digital Disconnect and FlyBetter Days to volunteer in a cause you believe in. Work with brilliant people globally Learn more about their journeys by checking out #InsideFlywire on social mediaWellbeing Programs (Mental Health, Wellness, Yoga/Pilates/HIIT Classes) with Global FlyMates Be a meaningful part in our success - every FlyMate makes an impactGreat Talent & Development Programs (Managers Taking Flight – for new or aspiring managers, OneFlywire Career Mobility)Submit today and get started! We are excited to get to know you! Throughout our process you can expect to meet with different FlyMates including the Hiring Manager, Peers on the team, the VP of the department, and a skills assessment. Your Talent Acquisition Partner will walk you through the steps and be your “go-to” person for any questions. The US base salary range for this full-time position is $200,000 - 210,000 and benefits. Our salary ranges are determined by role, position level, and location. The range displayed on this job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and several other factors, including job-related skills, experience, relevant education and training.

Flywire is an equal opportunity employer and follows a policy of administering all employment decisions and personnel actions without regard to race, color, religion, sex, pregnancy, gender identity, national origin, age, ancestry, physical or mental disability, sexual orientation, genetic disposition or carrier status, veteran status, or any other category protected under applicable national, federal, state or local law.

Similar jobs