Chief Information Security Officer


New York
Permanent
USD250000 - USD300000
Cybersecurity
PR/562469_1759322795

Glocomms is partnered with a fast-growing fintech platform serving Registered Investment Advisors (RIAs) that is seeking a highly technical and strategic Chief Information Security Officer to lead their cybersecurity vertical. This role combines hands-on technical leadership with executive-level strategy and communication. The ideal candidate is a player-coach who thrives in startup environments and has deep experience in cloud infrastructure, security engineering, and regulatory compliance within financial services.


Responsibilities

  • Define and execute the company's security vision, roadmap, and architecture
  • Align cybersecurity initiatives with business goals and regulatory requirements
  • Design and implement secure cloud-native infrastructure (primarily AWS)
  • Lead development and integration of security tooling (SAST, DAST, SCA)
  • Embed security into CI/CD pipelines and DevOps workflows
  • Automate infrastructure and configuration management using tools like Terraform and Ansible
  • Ensure compliance with FINRA, SEC, NAIC, and other relevant regulations
  • Oversee internal audits, risk assessments, and vendor security reviews
  • Support client-facing teams with security documentation and due diligence
  • Act as a security subject matter expert in sales and partnership conversations
  • Lead incident detection, response, and post-mortem analysis
  • Develop and maintain playbooks and escalation protocols
  • Build and mentor a high-performing security team
  • Foster a culture of security awareness across the organization
  • Report on security posture to executive leadership and board stakeholders
  • Translate technical risks into business impact

Qualifications

  • Deep expertise in AWS cloud infrastructure and CI/CD pipelines
  • Proficiency in Python, Bash, and PowerShell scripting
  • Strong understanding of encryption (PGP, SSH, TLS) and authentication protocols (OpenID Connect, SAML, LDAP, etc.)
  • Experience with security tools such as Wireshark, nmap, Splunk, Burp Proxy, IDA Pro, and WinDbg
  • Familiarity with infrastructure automation (CloudFormation, Terraform) and configuration management (Chef, Puppet, Ansible)
  • Experience with FINRA, SEC, NAIC regulations
  • Understanding of broker-dealer, insurance agency, and lending business models
  • Series 99 license and fingerprint background check eligibility preferred
  • Corporate network security and VPN management experience
  • Kubernetes security and log analysis
  • Windows and Linux systems administration
  • Development of custom security tools and utilities

This is a hybrid position (3 days per week onsite) in NYC. Sponsorship is not available now or in the future. If you or someone you know is interested, please apply directly!
