×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

Chief Information Security Officer

Job in New York, New York County, New York, 10261, USA
Listing for: Vestwell
Full Time position
Listed on 2025-12-07
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below
Location: New York

Overview

Join to apply for the Chief Information Security Officer role twell is the financial technology company powering the new savings economy. The New York City-based fintech platform redefines how people save for the critical aspects of life across retirement, education, and healthcare savings needs. Today, Vestwell enables over 350,000 businesses and nearly 1.5 million active savers, with over $30 billion in assets saved across all 50 United States.

Who

Are We Looking For?

The Vestwell Technology organization seeks an exceptional CISO to define and lead our enterprise-wide security strategy. The ideal candidate is a visionary and pragmatic security leader who can translate complex risk into business outcomes, influence across the company and Board, and scale programs that protect our customers, partners, and platform. They bring proven experience building and maturing security programs aligned to leading frameworks, navigating financial services regulatory requirements, and fostering a security-first across product, engineering, operations, and all corporate functions.

What

Will You Be Doing?
  • Own the enterprise information security vision, multi-year strategy, roadmap, and governance model that align to Vestwell’s business goals and growth.
  • Build, lead, and develop a high-performing security organization; attract and mentor top talent and scale operating models and processes to meet Vestwell’s future needs.
  • Evaluate current security technologies and capabilities (e.g., endpoint protection, monitoring/telemetry, DLP, IAM/zero trust, secret management, vulnerability and patch management) and recommend any changes or additions needed to elevate Vestwell’s security posture.
  • Build and mature a comprehensive security program grounded in recognized frameworks (e.g., NIST, ISO 27001, CIS Controls), including policy architecture, control implementation, continuous improvement, and audit readiness.
  • Establish and operationalize key cybersecurity metrics and KRIs/KPIs; provide concise, decision-oriented reporting to executive leadership and key stakeholders.
  • Champion a security-first culture via company-wide awareness, training, and targeted education (e.g., phishing exercises), and ensure policies are well understood and adopted.
  • Drive secure-by-design practices across product and engineering (e.g., SDLC, threat modeling, code scanning, penetration testing, cloud/infrastructure hardening) and partner closely with IT, Legal, Compliance, and Operations to safeguard PII and sensitive data.
  • Lead security incident management, including strategy, readiness, tabletop exercises, detection/response, crisis communications, lessons-learned, and executive/Board reporting; ensure tight alignment with business continuity and disaster recovery.
  • Serve as the technical owner for cyber risk: define risk appetite/tolerances in partnership with executive leadership, establish risk assessment and reporting cadences, and present security posture, investments, and material risks to the CTO and executive leadership.
Requirements
  • 10+ years of progressive experience in cybersecurity with 5+ years leading enterprise security programs or functions; proven leadership in high-growth or highly regulated environments.
  • Demonstrated success designing and operating security programs aligned to leading frameworks and sustaining regulatory compliance and audit readiness.
  • Expert ability to identify, prioritize, and communicate risk; proven track record translating complex technical concepts into actionable insights and decisions for executive, Board, and technical audiences.
  • Strong cross-functional leadership and collaboration skills; experienced at influencing product, engineering, IT, legal, compliance, and operations stakeholders.
  • Advanced knowledge across core security domains: endpoint protection, monitoring/telemetry, DLP, IAM/zero trust, vulnerability/patch management, incident response, cloud and infrastructure security, authentication/authorization, and sensitive data protection.
  • Experience leading incident response, resiliency programs, and crisis management, including executive and Board-level reporting.
The Extras
  • Advanced certifications…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search