
Vice President – Information Security
Posted 1 hour ago
This is a fully remote position, open to applicants in United States.
• Take full ownership of our security program from start to finish: governance, compliance, customer trust, and product security.
• Design and implement brightfin's Information Security Management System (ISMS), in accordance with NIST CSF and ISO 27001 standards.
• Manage SOC 2 Type II compliance, which includes conducting annual audits, gathering evidence, and ensuring continuous monitoring.
• Develop and enhance security policies, standards, and procedures throughout the organization.
• Lead the incident response program for the company, including planning, tabletop exercises, and real-time incident management.
• Oversee the security review process for enterprise agreements — addressing RFPs, security questionnaires, and customer audits.
• Create and sustain a security trust portal along with a standard documentation package.
• Establish and maintain a risk register; provide reports on risk posture to the executive team and board on a quarterly basis.
• Manage security risks related to third-party vendors, which includes contract evaluations and ongoing monitoring.
• Ensure adherence to relevant data privacy regulations (GDPR, CCPA, HIPAA when applicable).
• Collaborate with the engineering team to implement secure SDLC practices, which include code scanning, dependency management, and penetration testing.
• Lead cloud security posture management across our AWS/Azure/GCP environments.
• Manage the vulnerability management program: triage, prioritization, and tracking of remediation efforts.
• Recruit and oversee a small initial security team (goal: 2–3 hires in the first year).
• Conduct company-wide security awareness training and phishing simulation initiatives.
• Foster a security-aware culture without hindering the fast-paced nature of the engineering team.
• Over 6 years of experience in information security, with a minimum of 3 years in a leadership capacity.
• Proven track record of building or scaling a security program within a B2B SaaS environment.
• Extensive experience with SOC 2, having led Type II audits rather than just participating.
• Strong familiarity with NIST CSF, ISO 27001, and cloud security (AWS is preferred).
• Experience managing the security aspects of enterprise sales processes, which includes responding to security questionnaires and hosting customer discussions.
• Possession of one or more certifications: CISSP, CISM, CISA, CRISC, or an equivalent qualification.
• brightfin provides a comprehensive package of health, dental, and vision benefits.
• Paid time off.
• We strongly advocate for work-life balance and encourage taking time for personal well-being.
• 401K plan with employer matching.