Information Security Lead

Information Security Lead
Location: Manhattan, New York (onsite 5 days per week)
Type: Full-time

About the opportunity
This is a high-growth fintech company building a modern investment platform in a regulated space. The team is small, fast-moving, and highly collaborative, with a real focus on doing things the right way from the start. Security and privacy are core to the product, not an afterthought.

This role is a chance to take real ownership. You will be the person shaping how security and privacy are built into the company as it scales.

The role
We are looking for someone who is comfortable owning both strategy and execution across security and privacy. You will work closely with engineering, legal, and leadership, helping the business move quickly while staying compliant and secure.

This is a strong fit for someone who likes building from scratch, fixing gaps, and having a visible impact on how a company operates.

What you will do

• Own the company's security and privacy programs end to end
• Lead implementation of frameworks such as SOC 2 and NIST
• Support compliance with financial regulations including SEC and FINRA requirements
• Build and run incident response, including policies, workflows, and breach notification processes
• Partner with engineering to improve application security and embed security into development
• Advise on the safe use of new technologies, including AI
• Develop and maintain privacy policies aligned with evolving US state regulations
• Identify and close gaps across devices, tooling, and infrastructure, including MDM environments
• Run risk assessments and help leadership understand and prioritize security decisions

What success looks like

• Clear progress toward SOC 2 readiness or certification
• A usable, well-understood incident response process that meets regulatory expectations
• Privacy practices that hold up across multiple state requirements
• Better visibility and control across company devices and systems
• A security program that supports growth instead of slowing it down

What you bring

• Experience in security, privacy, or risk in a regulated environment such as fintech or financial services
• Working knowledge of frameworks like SOC 2 and NIST
• Familiarity with SEC, FINRA, or similar regulatory expectations
• Hands-on experience building policies, controls, and response processes
• Understanding of application security and modern cloud environments
• Comfort operating in a startup where not everything is defined yet
• Ability to communicate clearly with both technical and non-technical teams

Nice to have

• Startup or early-stage company experience
• Exposure to AI or emerging technology risk
• Certifications like CISSP, CISM, or CIPP

Why this role stands out

• You will own your area completely, not just maintain it
• Your work will be visible and matter to the business right away
• You will have direct access to decision makers
• The environment is fast-paced, practical, and focused on building something real