Chief Information Security Officer
Glocomms is partnered with a fast-growing fintech platform serving Registered Investment Advisors (RIAs) that is seeking a highly technical and strategic Chief Information Security Officer to lead their cybersecurity vertical. This role combines hands-on technical leadership with executive-level strategy and communication. The ideal candidate is a player-coach who thrives in startup environments and has deep experience in cloud infrastructure, security engineering, and regulatory compliance within financial services.
Responsibilities
- Define and execute the company's security vision, roadmap, and architecture
- Align cybersecurity initiatives with business goals and regulatory requirements
- Design and implement secure cloud-native infrastructure (primarily AWS)
- Lead development and integration of security tooling (SAST, DAST, SCA)
- Embed security into CI/CD pipelines and DevOps workflows
- Automate infrastructure and configuration management using tools like Terraform and Ansible
- Ensure compliance with FINRA, SEC, NAIC, and other relevant regulations
- Oversee internal audits, risk assessments, and vendor security reviews
- Support client-facing teams with security documentation and due diligence
- Act as a security subject matter expert in sales and partnership conversations
- Lead incident detection, response, and post-mortem analysis
- Develop and maintain playbooks and escalation protocols
- Build and mentor a high-performing security team
- Foster a culture of security awareness across the organization
- Report on security posture to executive leadership and board stakeholders
- Translate technical risks into business impact
Qualifications
- Deep expertise in AWS cloud infrastructure and CI/CD pipelines
- Proficiency in Python, Bash, and PowerShell scripting
- Strong understanding of encryption (PGP, SSH, TLS) and authentication protocols (OpenID Connect, SAML, LDAP, etc.)
- Experience with security tools such as Wireshark, nmap, Splunk, Burp Proxy, IDA Pro, and WinDbg
- Familiarity with infrastructure automation (CloudFormation, Terraform) and configuration management (Chef, Puppet, Ansible)
- Experience with FINRA, SEC, NAIC regulations
- Understanding of broker-dealer, insurance agency, and lending business models
- Series 99 license and fingerprint background check eligibility preferred
- Corporate network security and VPN management experience
- Kubernetes security and log analysis
- Windows and Linux systems administration
- Development of custom security tools and utilities
This is a hybrid position (3 days per week onsite) in NYC. Sponsorship is not available now or in the future. If you or someone you know is interested, please apply directly!