Chief Information Security Officer; CISO

Position: Chief Information Security Officer (CISO)
Company Description

Achieve is a leading digital personal finance company. We help everyday people move from struggling to thriving by providing innovative, personalized financial solutions. By leveraging proprietary data and analytics, our solutions are tailored for each step of our member's financial journey to include personal loans, home equity loans, debt consolidation, financial tools and education. Every day, we get to help our members move their finances forward with care, compassion, and empathetic touch.

We put people first and treat them like humans, not account numbers.

Since 2002, Achieve has grown into one of the largest private consumer fintech unicorns in the U.S., with over $40B in enrollments for our industry-leading, tech-enabled debt resolution services business, and over $11Bn in personal and home loans originations via our banking-as-a-service partner.

Job Description

The Chief Information Security Officer (CISO) is responsible for establishing and executing the enterprise cybersecurity strategy for a high-growth, private fintech company operating in a highly regulated, cloud-first environment. As a forward-thinking technology and business leader, you recognize cybersecurity and artificial intelligence as strategic business enablers. You will partner across technology, product, legal, compliance, and operations to protect customer trust, enable secure innovation, and support the business future direction.

Operating effectively at both the Senior Leadership Team/Board and operational levels, you will scale a mature, risk-based security program to align with regulatory expectations, investor scrutiny, and rapid fintech growth.

Key Responsibilities

Executive Leadership & Strategy

• Define and execute a multi-year, enterprise-wide cybersecurity strategy aligned with business objectives and future growth.
• Serve as a trusted primary security advisor to executive leadership, the Board of Directors, regulators, and external partners.
• Translate cyber risk into business impact and build a modern, metrics-driven, risk-based security organization focused on enablement, automation, and measurable risk reduction.
• Know when a regulated corporate governance function becomes the mainstay of the organization.

Governance, Risk & Compliance (GRC) & Public Company Readiness

• Knowledge and Oversight of SEC expectations and Sarbanes-Oxley Act (SOX) ITGCs processes.
• Direct enterprise security governance aligned to critical fintech regulatory obligations, including PCI DSS 4.0, SOC 1/SOC 2, GLBA, FFIEC guidance, and state privacy regulations.
• Develop and maintain board-level reporting and risk disclosures, while partnering with Legal, Finance, and Audit on cyber risk governance.
• Oversee enterprise risk management, third-party vendor security, and continuous audit readiness across frameworks such as NIST and ISO 27001.

Security Operations, Cloud & Product Security

• Oversee the Security Operations Center (SOC), incident response, threat detection, digital forensics, and vulnerability management.
• Drive robust cloud security posture and strategy across AWS, Azure, and/or GCP environments.
• Partner with Engineering and Product to embed secure-by-design and Dev Sec Ops  principles across the software development lifecycle (SDLC).
• Lead enterprise identity and access management (IAM) strategy, Zero Trust architecture, and data protection programs to safeguard customer financial data.
• Be the Trust Center customers need to know their data is secure.

AI Security, Governance & Innovation Strategy

• Serve as the executive sponsor for the secure, responsible, and business-aligned adoption of AI and machine learning technologies.
• Establish enterprise, controls, and guardrails to assess and manage AI risks, including data leakage, prompt injection, intellectual property protection, and model bias.
• Partner with engineering to enable secure AI innovation that enhances operational efficiency, fraud detection, and customer experience.
• Drive modernization leveraging AI-driven security operations, automation, and predictive threat detection.
• Guide the organization on its journey of AI advancements with a security mindset.

Team Leadership, Culture & Customer Engagement

• Build, mentor, and retain high-performing cybersecurity teams, fostering a culture of accountability and continuous improvement.
• Drive a shift from reactive compliance mindset to a proactive risk-management framework that enables business velocity and product innovation.
• Champion a security-first culture across engineering and business teams, balancing security rigor with business velocity.
• Act as the executive security lead during customer due diligence, strategic partnerships, and regulator interactions.

Qualifications

Required Experience & Competencies

• 12+ years of progressive cybersecurity leadership experience, including CISO or equivalent senior leadership responsibilities.
• Proven track record in fintech, financial services, and/or highly regulated environments.
• Technical expertise in cloud security…