Head of Security / CISO

We are seeking a hands-on, deeply technical, and strategic Chief Information Security Officer (CISO) to lead our cybersecurity program. As a "player-coach,” you will be responsible for setting the security vision and strategy while also rolling up your sleeves to architect and implement robust security controls. You will be the senior-most leader for information security, tasked with protecting our firm, our partners, and our clients across our diverse and highly regulated business lines. This is a critical leadership role for a security expert who thrives on building, securing, and scaling modern, cloud-native financial technology.

• Security Strategy and Leadership: Develop, implement, and own the comprehensive information security and cyber-risk management strategy and roadmap for Flourish.
• Technical Architecture and Engineering: Act as the lead technical security architect. In close partnership with our expert CloudOps team, you will conduct hands-on security reviews of our cloud infrastructure (AWS), applications, and CI/CD pipelines and drive the implementation of security controls across the entire technology stack.
• DevSecOps Integration: Champion and embed security into the software development lifecycle (SDLC). Partner closely with Engineering and CloudOps teams to integrate security tooling (SAST, DAST, SCA) and best practices, fostering a true DevSecOps culture.
• Risk and Compliance Management: Navigate and manage the complex regulatory landscape of a broker-dealer (FINRA, SEC), insurance agency (State regulations, NAIC), and lending business. Oversee all security compliance initiatives, audits, and regulatory examinations.
• Client Trust and Sales Enablement: Serve as the key security stakeholder in the sales process. You will communicate directly with prospective and existing client firms, confidently articulating our security posture and controls to build trust and help win business.
• Incident Response: Lead all aspects of the security incident response lifecycle, from preparation and detection to containment and post-mortem analysis.
• Team Leadership: Build, mentor, and lead a high-performing team of security professionals. Foster a culture of continuous learning and proactive security awareness across the entire organization.
• Executive Communication: Effectively communicate security posture, risks, and strategies to the executive leadership team, and key stakeholders.

• 10+ years of related technical experience in Cybersecurity, preferably in a Cloud Environment
• Bachelor’s degree in Computer Science, Engineering, Cyber Security, or related field. 6 years of applicable experience can be considered in lieu of degree
• 5+ years of experience with Programming and Scripting Languages (Bash, Python, Powershell, and similar)
• Either have a FINRA Series 99 or willingness to get a Series 99 within 180 days of joining
• Experience managing a cyber security program and leading a cyber security team
• A consistent record of discovering, analyzing, and exploiting application vulnerabilities and misconfigurations on Windows and Linux platforms
• The ability to work with stakeholders throughout the vulnerability lifecycle to communicate issues and provide remediation guidance
• Expertise in reading, writing, and auditing Python, TypeScript, and Kotlin (or similar languages) and the ability to pick up new languages/technologies
• Experience developing custom tools when necessary
• Knowledge of ubiquitous encryption technologies (PGP, SSH, TLS, etc.) and common authentication protocols (OpenID Connect, SAML, RADIUS, LDAP, KERBEROS, etc.)
• Subject matter expert in secure network design and system architecture
• Experience leading or performing static and dynamic analysis on customer facing applications, websites, and large enterprise networks
• Due to the nature of this position, as part of the background check process, candidates must be able to pass a fingerprint background check to qualify as a fingerprinted person under FINRA. For roles requiring registration, additional regulatory screenings may apply, including a review of Form U5 disclosures and other relevant licensing information.

• Experience securing corporate networks and VPNs
• Experience with Kubernetes
• Experience with Wireshark, nmap or other packet level inspection tools
• Some experience with log analysis (Splunk) and reporting- preferred
• Experience with infrastructure automation (Cloudformation, Terraform) and configuration management tools (Ansible, Chef, Puppet, and similar)-preferred
• Experience with security and systems administration in Windows and Linux based operating system environments
• Hands-on experience with DevOps and DevSecOps workflows
• Proficiency in using IDA Pro, Ollydbg/Immdbg, Windbg, Burp proxy, and other software analysis/debugging tools
• Prior work as a consultant at a highly technical information security consultancy
• Publicly disclosed vulnerabilities (CVEs) and open-source tools
• A CISSP certification is strongly preferred; other certifications like CISM or CCSP are also highly desirable

At Flourish, we focus on ensuring fair, equitable pay by providing competitive salaries, along with bonus and incentive opportunities and benefits for all employees.

Base Salary Range: $180,700 - $237,100 plus bonus