If security is a reporting function, this isn’t your seat.
If you believe security is infrastructure, and infrastructure is strategy - keep reading.
Our client operates at the intersection of institutional financial infrastructure, stablecoin settlement, and agentic AI. This is regulated, system-level architecture built for scale, scrutiny, and public-market readiness. As the company expands its AI-driven financial stack and settlement rails, security must evolve from control function to core business enabler.
They’re hiring a CISO to build that foundation. Reporting into the C-Suite with Board exposure, you will own regulatory cybersecurity compliance while designing a modern, automated, defensible security program.
You will:
- Own the global cybersecurity program under NYDFS Part 500 and public-market governance standards
- Translate infrastructure risk into clear Board-level business metrics
- Lead SEC disclosure readiness and incident materiality processes
- Establish governance for agentic AI and programmable money movement
- Secure the stablecoin lifecycle - from protocol integrity to reserve interfaces
- Architect an identity-first, zero-trust environment across human and non-human actors
- Move from manual GRC to continuous controls monitoring and policy-as-code
- Embed security into engineering without slowing product velocity
- Lead incident response, resilience strategy, and third-party risk management
- Build and develop a high-performing security team
You’ll thrive here if:
- You’ve spent 10+ years in Information Security, including regulated financial environments
- You’ve operated under NYDFS or SEC reporting standards
- You understand financial infrastructure - not just application security
- You think in systems, not checklists
- You’re comfortable in both Board rooms and engineering discussions
- You can navigate the tension between speed and regulatory safety
CISSP (or equivalent executive credential) expected.
Deep cloud-native experience required.
Stablecoin or AI-fintech exposure is a strong advantage.
If you’re ready to build security as core infrastructure - not oversight - this is the mandate.
