What you’ll be doing

• Manage the second-line information security function by performing credible challenge of first-line programs and driving oversight, governance, reporting
• In partnership with IT, develop, maintain, and publish up-to-date information security policies, procedures, standards, controls, and guidelines
• Oversee the training and dissemination of such policies, procedures, standards, controls, and guidelines
• Develop and oversee the monitoring and continuous improvement of a risk-based enterprise security program across all cyber-security risk domains including cyber risk management, threat intelligence, cybersecurity controls, external dependency management, cyber incident management, and resilience
• Partner with Fraud and Anti-Money Laundering teams to develop a holistic financial crimes program for Varo that is innovative and powerful in its ability to detect and prevent illegal activity and protect our customers
• Partner closely with the Privacy Officer to lead and influence data protection, governance, and management practices
• Conduct risk assessments (ex: GLBA) and testing to ensure that appropriate controls are in place and are effective
• Report at least annually to the Board, and quarterly to the Enterprise Risk Committee progress against remediation plans
• Inspire a cultural shift within Varo to more strongly embed pragmatic risk management into business decisions and operations
• Assist in the creation and management of information security awareness training programs for all employees and contractors, including role-based training for those with specialized security responsibilities
• Coordinate information security projects and initiatives together with resources from technology and business line teams
• Ensure that information security programs comply with relevant laws, regulations, and policies to minimize risk and audit findings
• Advise the first line during security incidents and events to help protect corporate assets, including intellectual property, data, and Varo’s reputation
• Be a key member of and assist in the management of Varo’s Crisis Management Team
• Execute table-top exercises and simulations to prepare participants for their roles in a crisis

You’ll bring the following required skills and experiences

• Progressive experience in information security with a combination of risk management, information security, and IT-related responsibilities with regulated financial institutions and/or fintech companies, or the equivalent experience in regulatory organizations or consulting services with a concentration in IS/IT disciplines within banking/fintech
• 10+ years of experience in a senior leadership role with increasing levels of responsibilities
• Experience with information security frameworks. Knowledge of NIST, ISO, SOC 2, PCI, and/or Cobit. Familiarity with Cyber Security Assessment Tool (CAT), Familiarity with IS related laws, rules, regulations, and best practices
• Experience with third-party service provider due diligence, negotiations, oversight, and monitoring
• Proven track record and experience in developing information security policies and procedures as well as successfully executing programs that meet excellence objectives in a dynamic environment
• Thorough understanding of IT operations and the role and impact of information security on these operations
• One or more of the following professional certifications: CISSP, CISM, CERT, CISA, etc.