
Deputy Chief Information Security Officer
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Collaborate with the CISO on Sardine’s comprehensive security strategy, roadmap, priorities, and implementation.
• Assist in identifying, prioritizing, and addressing the most critical risk areas within the organization.
• Facilitate security reporting, executive updates, budgeting, vendor assessments, and planning activities.
• Collaborate on significant compliance initiatives, including PCI, SOC 2, ISO 27001, DORA, and future FedRAMP preparedness.
• Support incident response efforts and act as a deputy incident lead when necessary.
• Work closely with Engineering on application security, secure SDLC, vulnerability management, threat modeling, and remediation efforts.
• Evaluate and enhance security across cloud infrastructure, SaaS tools, IAM, endpoint management, and corporate IT systems.
• Demonstrate strong AppSec fluency, including an understanding of how code transitions from design to production, CI/CD, testing, SAST/DAST, dependency scanning, and secrets management.
• Collaborate with Product and Engineering on security considerations for AI/ML systems, bot mitigation, and abuse prevention strategies.
• Assist in customer-facing security discussions, RFPs, due diligence, security assessments, and executive briefings.
• Foster trust with enterprise clients by translating complex technical security concepts into accessible business language.
• Collaborate across functions with Legal, Sales, Engineering, Product, People, and IT.
• Advocate for a pragmatic security culture that empowers the business while effectively managing risks.
• 10–15+ years of experience in cybersecurity, including at least 3+ years in a senior leadership or director-level position.
• Comprehensive security background across various domains rather than a single-specialty focus.
• Strong application security expertise with the capacity to assess technical risks without requiring daily hands-on coding.
• Experience in a startup, scale-up, or similarly resource-limited environment where prioritization and practicality are essential.
• Ability to assess risk, rank priorities, and concentrate on the most impactful security initiatives.
• Solid understanding of compliance frameworks such as SOC 2, PCI DSS, ISO 27001, GDPR, CCPA, DORA, and ideally FedRAMP.
• Experience participating in or leading security incidents.
• Strong fundamentals in cloud security, SaaS security, IAM, endpoint security, and zero-trust principles.
• Familiarity with AI-assisted workflows and emerging security risks related to AI/ML.
• Excellent customer-facing communication skills, capable of supporting sales, security assessments, and executive-level conversations with clients.
• A collaborative, business-enabling security approach — someone who assists teams in finding secure paths forward rather than defaulting to "no."
• Strong leadership presence with the ability to build trust among security, engineering, executive, and go-to-market teams.
• Experience in fintech, payments, security, bot mitigation, or regulated industries is advantageous but not mandatory.
• Must be located in the United States and authorized to work in the US without sponsorship.
• Competitive compensation package consisting of cash and equity.
• Early exercise option for all stock options, including pre-vested shares.
• Remote-first culture allowing work from anywhere.
• Flexible paid time off and year-end break.
• Health, dental, and vision insurance coverage for employees and their dependents - *specific to US and Canada*.
• 4% matching contribution in 401k / RRSP - *specific to US and Canada*.
• MacBook Pro provided directly to your location.
• One-time stipend for home office setup — desk, chair, monitor, etc.
• Monthly meal stipend.
• Monthly social meetup stipend.
• Annual health and wellness stipend.
• Annual learning stipend.