We're looking for a Chief Information Security Officer (CISO) to build and run a robust security compliance program and do hands-on technical security work. The CISO will be responsible for owning Swyfft's cybersecurity program end-to-end, including NYDFS compliance, and will work closely with engineering teams on secure development practices and code review for security issues.
Requirements
- Own Swyfft's cybersecurity program end-to-end, including NYDFS compliance
- Build and manage our Third-Party Service Provider (TPSP) security governance program
- Conduct annual risk assessments and coordinate penetration testing
- Create and maintain security policies, incident response plans, and business continuity documentation
- Prepare annual board reporting and regulatory certifications
- Manage security awareness training program
- Coordinate incident reporting to NYDFS when required
- Oversee implementation of multi-factor authentication (MFA) across our web platform
- Review and improve security architecture for our C#/.NET applications and infrastructure
- Work directly with engineering teams on secure development practices and code review for security issues
- Manage vulnerability assessments and coordinate remediation with engineering
- Design and implement security controls and monitoring capabilities
- Evaluate and implement security tooling (SIEM, vulnerability scanning, etc.)
- Respond to security incidents and conduct post-incident analysis
- Review API security, authentication/authorization patterns, and data protection controls
Benefits
- Medical, Dental, and Vision
- Short- and Long-Term Disability (Company Paid)
- Voluntary Long-Term Disability
- Employee Life & AD&D (Company Paid)
- Voluntary Employee, Spouse, and Child Life & AD&D
- Healthcare, Dependent Care and Transit FSA, and Healthcare Savings Account (HSA)
- 401K with a generous matching contribution and no vesting schedule
- 20 days of PTO annually (prorated based on hire date)
- Company Paid Holidays and 2 “Choose Your Own Holidays”
