Deputy CISO

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity or other related field.
• Minimum 8 years of progressively responsible experience in information security, cybersecurity risk management, or related roles.
• Relevant certifications (CISSP, CISM, CISA, CRISC, HCISPP, CCSK, ISO 27001 LA/LI, or equivalent).
• Demonstrated ability to operate as the accountable GRC leader in enterprise, audit, and regulator-facing environments.
• Extensive hands-on experience leading SOC programs from readiness through audit completion.
• Demonstrated experience managing HIPAA Security Rule compliance.
• Practical working knowledge of GDPR, including data mapping and vendor privacy risk management.
• Deep knowledge of SOC 1, SOC 2, NYDFS Part 500, and third-party risk management.
• Proven ability to independently manage audits, write policies, collect evidence, and respond to auditors and customers.
• Strong understanding of enterprise IT environments, cloud platforms, SaaS architectures, identity, networking, logging, and security controls.
• Exceptional written and verbal communication skills; comfortable interfacing with executives, auditors, regulators, and customers.
• Highly organized with the ability to manage multiple concurrent audits and regulatory obligations.
• Ability to travel as required by business need.

Nice To Haves

• Master’s degree in Cybersecurity or Information Systems preferred.
• Prior experience as a Deputy CISO, Head of GRC, Director of GRC, or Principal GRC Lead preferred.
• Experience supporting highly regulated industries such as financial services or healthcare preferred.

Responsibilities

• Leads and executes the enterprise governance, risk, and compliance program end-to-end.
• Operates across multiple regulatory frameworks simultaneously, ensuring successful delivery of compliance and risk outcomes.
• Serves as the primary point of contact for auditors, regulators, and customers on security and compliance matters.
• Represents the organization as the accountable security compliance leader in regulatory examinations, customer diligence reviews, and external assurance engagements.
• Leads enterprise audit and regulatory readiness through gap analysis, control design, policy development, evidence collection, and timely remediation closure, ensuring successful audit completion across SOC 1, SOC 2, NYDFS Part 500, HIPAA, and GDPR.
• Ensures timely closure of audit findings and remediation of control gaps through completion.
• Responsible for writing, maintaining, and enforcing all security and compliance policies, standards, and procedures.
• Retains ownership of control intent, rationale, and narrative consistency across audits, regulators, and customer engagements.
• Performs security and privacy risk assessments, control testing, and remediation tracking through completion.
• Responsible for maintaining enterprise data mapping, documenting data flows, systems, and third-party processors.
• Leads vendor privacy and security risk assessments involving regulated and personal data.
• Partners with legal and business stakeholders to ensure privacy governance requirements are met.
• Responsible for the enterprise third-party risk management program, including vendor assessments, monitoring, and remediation follow-through.
• Independently completes customer security questionnaires (SIG, CAIQ, and custom SAQs) and provides security narrative responses for RFPs and customer due diligence inquiries.
• Independently develops accurate, clear, and consistent security narratives grounded in sustained understanding of the organization’s technical and risk environment, without repeated reliance on technical or engineering resources.
• Partners with IT, Engineering, Legal, Privacy, Risk, and business leadership to obtain evidence and implement controls, while retaining accountability for control interpretation and compliance outcomes.
• Provides executive-ready reporting on audit status, compliance posture, remediation progress, and enterprise risk.
• Leverages AI-assisted tools and automation to improve efficiency, consistency, and scale across GRC execution, while exercising sound judgment in regulated and confidential environments.
• Continuously identifies opportunities to streamline GRC processes through tooling, automation, and workflow optimization.
• Performs other projects, duties, and tasks, as assigned.

Benefits

• Competitive pay.
• A safe and healthy work environment provided by our robust benefit program including family health and wellness programs, 401K, employee assistance programs, paid time off, paid holidays and more.
• Career advancement and development opportunities.