Head of Security / Chief Security Officer (CSO)

As Head of Security / CSO, you will own the company’s operational security function and establish the foundations of a mature, scalable security program. You’ll be responsible for protecting our people, systems, and payment infrastructure while enabling fast-moving teams to operate safely. This role is hands-on and pragmatic. You will build and lead a small security team (2–3 people), define how security operates day-to-day, and ensure that technical security controls exist, are tested, and are effective—working closely with Engineering rather than duplicating them. All security—operational, technical oversight, compliance, and incident response—reports into this role. What You’ll Do Operational Security (Primary Focus) • Build and run the core security operations function for the company • Establish and own: • Incident response processes and on-call security escalation • Access management and internal security controls • Security monitoring, alerting, and investigations • Vulnerability intake, triage, and remediation tracking • Lead security incident response, root cause analysis, and post-incident improvements • Own internal security tooling and workflows appropriate for a lean team Security Risk Management • Continuously assess security risk across people, processes, systems, and vendors • Perform threat modeling and risk assessments for new products, markets, and integrations • Translate technical and operational risks into clear business impact and priorities • Maintain a practical security risk register and remediation roadmap Technical & Engineering Security Oversight • Ensure strong technical security controls exist across the platform, without building a large engineering security org • Partner with Engineering to: -Review architecture and security design decisions -Define secure development expectations and guardrails -Improve IAM, encryption, secrets management, and logging • Manage and coordinate penetration testing, vulnerability scanning, and security assessments • Track findings through remediation and validate fixes • Act as the final security sign-off for high-risk technical changes Compliance, Payments & Trust • Own PCI-DSS certification, SCA, and payment security requirements • Prepare for and manage security audits and external assessments • Define security policies, standards, and internal controls • Partner with Legal and Compliance on data protection and vendor risk • Ensure security practices scale as the company grows internationally Team Building & Enablement • Hire, develop, and lead a small, high-impact security team (2–3 people) • Define clear ownership between Security, Engineering, IT, and Operations • Build lightweight security training and awareness across the company • Act as a force multiplier, not a blocker Executive & Cross-Functional Communication • Brief leadership on security posture, incidents, and risk trade-offs • Provide clear, actionable guidance during security events • Advocate for security investments with pragmatic ROI framing What You’ll Bring Experience • 6–10 years in cybersecurity, ideally in fintech, payments, or financial services • Proven experience running security operations in small or growing organizations • Experience being the first or early security hire • Hands-on ownership of incident response, internal security, and risk management • Experience managing external pen tests, audits, and security vendors Technical Foundation • Strong understanding of: -Cloud infrastructure security (AWS/Azure/GCP) -Application and platform security fundamentals -IAM, encryption, logging, and monitoring • Comfortable reviewing architecture and asking the right security questions • Able to dive deep when needed, without being a full-time platform engineer Leadership & Mindset • Pragmatic, calm under pressure, and execution-focused • Comfortable operating with limited resources and high ownership • Strong communicator with technical and non-technical stakeholders • Security-first, but business-aware Education & Certifications • Bachelor’s degree required • Relevant certifications (CISSP, CISM, CISA, etc.) are a plus, not a requirement How to Apply: Submit your application via LinkedIn and attach your MBTI results from https://www.16personalities.com. Apply tot his job Apply To this Job