Chief Information Security Officer; CISO

Chief Information Security Officer (CISO)

Candescent is the leading cloud-based digital banking solutions provider for financial institutions. We are transforming digital banking with intelligent, cloud-powered solutions that connect account opening, digital banking, and branch experiences for financial institutions. Our advanced technology and developer tools enable seamless, differentiated customer journeys that elevate trust, service, and innovation. Success here requires flexibility in a fast-paced environment, a client-first mindset, and a commitment to delivering consistent, reliable results as part of a performance-driven, values-led team.

With team members around the world, Candescent is an equal opportunity employer.

As we expand our fintech ecosystem, AI capabilities, and security offerings, we are seeking a Chief Information Security Officer (CISO) to lead enterprise security, compliance, and trust—while shaping the future of identity, fraud detection, and platform-level defense across our products. The CISO reports directly to the Chief Technology Officer (CTO) and serves as a core member of the Technology Leadership Team.

This executive will define and execute Candescent’s enterprise-wide security, compliance, and risk management strategy, ensuring regulatory alignment (FFIEC, SOC2, ISO 27001, PCI-DSS), securing the company’s AI- and API-first platform, and advancing product-embedded identity and fraud detection capabilities. The CISO will partner across Product, Engineering, and AI teams to ensure security, trust, and compliance are foundational to Candescent’s platform and customer experience.

• Lead enterprise-wide information security strategy and governance aligned to FFIEC, GLBA, NIST CSF, SOC2, ISO 27001, PCI-DSS, and GDPR.
• Manage regulatory relationships and ensure audit readiness with customers, regulators, and independent assessors.
• Define and monitor security risk metrics, dashboards, and board-level reporting.
• Partner with Legal, Risk, and Compliance teams to maintain proactive adherence to evolving banking and fintech regulations.

• Build and mature Secure SDLC practices integrating SAST/DAST, dependency scanning, and threat modeling.
• Lead a comprehensive API Security program addressing authentication, authorization, token management, rate limiting, payload inspection, and anomaly detection.
• Secure Open Banking and Fintech APIs, ensuring compliance with data security and privacy standards.
• Oversee penetration testing and bug bounty programs, emphasizing API and data-layer resilience.
• Collaborate with Product and Engineering to ensure secure-by-design principles are applied to all services, including microservices deployed in GCP and AWS.
• Embed fraud detection and identity protection mechanisms—such as device fingerprinting, behavioral analytics, and AI-based anomaly detection—directly into platform and product architectures.

• Oversee the architecture, compliance, and integrity of Candescent’s Identity and Fraud Detection products.
• Partner with Product and Engineering to enhance fraud prevention models and partner integrations for fraud detection.
• Establish governance and controls around customer identity data protection, in compliance with privacy frameworks.

• Define and implement AI security and compliance frameworks covering model and AI tooling development, deployment, and monitoring.
• Partner with Candescent AI Labs to secure AI pipelines and defend against prompt injection, model inversion, and data leakage.
• Lead Responsible AI initiatives, aligning with regulatory guidance and customer expectations.
• Serve as an executive sponsor for AI risk management, bridging security, ethics, and compliance.

• Oversee identity and access management (IAM), encryption, key management (KMS), and Zero Trust Architecture across hybrid environments.
• Lead incident response, root cause analysis, and business continuity exercises.
• Collaborate with SRE and Platform teams to strengthen resiliency, observability, and…