What are the responsibilities and job description for the Head of Information Security (CISO) position at Mission Lane?
The Head of Information Security (CISO) will be a part of the Richmond, VA Engineering team, working with the Mission Lane Leadership to develop a comprehensive enterprise information security and IT risk management program. This is a great opportunity to lead and influence while Mission Lane is at an early stage of what will be exponential growth over the next several years. If you are passionate about building and being part of an exciting high-growth business, then this is the role for you!
You will:
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
- Develop and enhance an information security management framework
- Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
- Provide leadership to the enterprise's information security organization (including hiring, talent management, defining priorities, etc.)
- Partner with business stakeholders across the company to raise awareness of risk management concerns
- Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
- Collaborate with the legal, compliance and privacy functions to conduct reviews/audits, RFPs, recommend policies and procedures, monitor status and report violations to appropriate management.
- Ensure regulatory compliance with regulations such as PCI-DSS, CCPA
- Manage 3rd party audits with external partners and vendors
- Lead security & privacy training and awareness
- Set priorities and drive implementation for our vulnerability management, information security monitoring/security operations, offensive security, and threat intelligence programs
- Ensure adequate monitoring and review processes are in place.
- Collaborate with IT, Engineering, Data Engineering, Product, and other technical and business functional leaders to implement changes and best practices to continuously improve the security posture of the enterprise
- Provide strong leadership, technical growth and management to the security and privacy team to achieve tactical and strategic goals
- Direct and manage the activities and personnel of the Information Security Team.
- Own security & privacy incident processes – be the primary point person during any incidents and ensure associated planning/processes are maintained
- Investigate potential incidents and communicate with appropriate executive management as well as local, state and federal officials in support of appropriate legal protocol
- Provide management oversight for security tools deployment and implementation.
- Propose security policies, initiatives and standards supporting regulatory compliance, loss and fraud prevention, and breaches in information security.
- Architect & build a software security organization that focuses on automation & self-service.
- Serve as the key advisor to executive leadership in the development, implementation and maintenance of a strong information security program.
- Partner with the architecture team to develop security architecture standards and to ensure alignment between security and engineering framework as a whole.
You have:
- Degree in business administration or a technology-related field required.
- Professional security management certification
- Minimum of 5 to 10 years of experience in a combination of risk management, information security and IT jobs
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
- Excellent written and verbal communication skills and high level of personal integrity
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
- Experience with contract and vendor negotiations and management including managed services.
- Specific experience in Agile software development or other best-in-class development practices.
- Experience with Cloud computing and CI/CD.
- In-depth understanding of the threat landscape and common threats as defined by OWASP Top-10 and SANS Top-20
- Must have led both security & privacy incident response programs
- Expertise with security & privacy and control frameworks, such as SSAE SOC2, ISO 27001, PCI, COBIT, NIST, ISO27018, ISO 27701, CSA, CIS etc.
- Project management skills including financial/budget management, scheduling and resources
- Must have relatively recent “hands-on” experience with security and privacy technologies such as vulnerability scanning, penetration testing and/or firewall and end-point protections
- The ability to communicate security, privacy, and risk-related concepts to technical and nontechnical audiences
Dedicated to helping everyone have access to fair and clear credit.
Mission Lane LLC is a new company dedicated to helping everyone have access to fair and clear credit. We believe in creating a relationship where everybody wins. Our customers do well when they succeed with our credit cards. We do well when they prosper. It's that simple. We’re here to provide the best-in-class service our customers deserve. Join us, because where we’re going, we’re going together.
At this time, Mission Lane will not sponsor a new applicant for employment authorization for this position.
Mission Lane does not accept unsolicited resumes from individual recruiters or third party recruiting agencies.
Mission Lane is an Equal Opportunity Employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex, race, color, age, national origin, religion, physical and mental disability, genetic information, marital status, sexual orientation, gender identity/assignment, citizenship, pregnancy or maternity, protected veteran status, or any other status prohibited by applicable national, federal, state or local law.