Head of Information Security Engineering

Role Overview

• Define and execute the security engineering strategy aligned with organizational goals and regulatory requirements
• Architect and oversee the implementation of secure systems, applications, and infrastructure across cloud and legacy environments
• Lead secure software development practices, including code reviews, threat modeling, and vulnerability remediation
• Oversee identity and access management, encryption, and key management solutions
• Collaborate with product, IT, and DevOps teams to integrate security into CI/CD pipelines and development lifecycles
• Provide security engineering guidance and oversight across all OpCos to ensure consistent standards and practices
• Evaluate and implement security tools and technologies to strengthen engineering capabilities
• Embed operational resilience principles into system design and engineering processes to minimize downtime and ensure continuity
• Partner with risk & compliance teams to ensure compliance with relevant frameworks and standards (e.g., ISO 27001, NIST, OWASP, PCI-DSS)
• Partner with Security Operations to support incident response and post-incident engineering improvements
• Develop and enforce security policies, standards, and secure coding guidelines across the development stack
• Build, mentor, and retain a high-performing security engineering team, including defining roles and career paths
• Promote a culture of security awareness and engineering excellence across the organization
• Contribute to the overall security strategy, risk management framework, and technology roadmap
• Develop metrics, dashboards, and reports for executive leadership on engineering security posture and progress
• Drive measurable improvements in application security, vulnerability closure rates, and secure development adoption

Requirements

• 10+ years of experience in security engineering, with at least 5 in a leadership capacity, with a preference for experience in financial or other regulated industries
• Bachelor's degree in Information Security, Computer Science, Information Technology, or related field; Master's degree preferred
• Preferred Certifications: CISSP, CSSLP, CISM, or cloud security certifications (AWS, Azure, GCP)
• Demonstrated ability to lead cross-functional security engineering initiatives across complex or multi-entity organizations
• Proven experience designing and implementing secure architectures in cloud and hybrid environments, with expertise in Microsoft enterprise cloud environments, Kubernetes, and modern application architectures
• Deep knowledge of secure software development practices, application security, and DevSecOps principles, with a track record of improving secure development lifecycle adoption and reducing vulnerabilities
• Strong understanding of security technologies including IAM, encryption, container security, and API security
• Strong knowledge of secure coding frameworks and standards (e.g., OWASP Top 10, NIST)
• Experience embedding operational resilience into engineering practices, including disaster recovery and business continuity planning
• Demonstrated ability to lead engineering teams and influence cross-functional stakeholders
• Excellent leadership, communication, and strategic planning skills
• Proven ability to present technical concepts to executive audiences and foster collaboration across business units

Tech Stack

• AWS
• Azure
• Cloud
• Google Cloud Platform
• Kubernetes

Benefits

• Comprehensive full medical, dental and vision Insurance
• Basic Life Insurance at no cost to the employee
• Company paid short-term and long-term disability
• 12 weeks of 100% paid Parental Leave
• Health Savings Account (HSA)
• Flexible Spending Accounts (FSA)
• Retirement savings plan
• Personal Paid Time Off
• Paid holidays and company-wide Wellness Day off
• Paid time off to volunteer at nonprofit organizations
• Pet friendly office environment
• Commuter Benefits
• Group Pet Insurance
• On the job training and skills development
• Employee Assistance Program (EAP)