Head of Risk & Security

About The Position

Requirements

• 12+ years in enterprise risk, cybersecurity, or information security.
• 5+ years leading risk/security teams in fintech, SaaS, or regulated environments.
• Experience building or scaling security programs in startup or high-growth organizations.
• Deep cloud security expertise (AWS required; multi-cloud a plus).
• Strong hands-on knowledge of: Zero-trust architecture Secure SDLC Threat modeling Vulnerability management Incident response
• Demonstrated ownership of SOC 2 and regulatory audits.
• Experience working with both: Regulated financial institutions (bank-side risk expectations) Fintechs or API-based SaaS platforms (data recipient expectations)

Nice To Haves

• Experience in open banking / open finance ecosystems.
• Familiarity with FDX standards and OAuth/OIDC-based authentication models.
• Certifications such as CISSP, CISM, CRISC, or equivalent.
• Experience briefing executives or board-level stakeholders.

Responsibilities

• Mature and execute Akoya’s enterprise risk management (ERM) framework.
• Develop and track key risk indicators (KRIs) aligned with business OKRs.
• Lead third-party risk management across fintech partners, vendors, and service providers.
• Conduct product risk assessments across new open finance capabilities.
• Support regulatory readiness related to CFPB Section 1033 and evolving open banking requirements.
• Lead day-to-day execution of Akoya’s cybersecurity program across product, infrastructure, and corporate environments.
• Operationalize secure-by-design principles across SDLC in partnership with Engineering.
• Oversee vulnerability management, penetration testing, red teaming, and incident response.
• Drive continuous improvement of zero-trust cloud architectures (AWS-centric).
• Enhance monitoring, automation, and threat intelligence capabilities.
• Own operational execution of SOC 2 Type II and other certifications.
• Ensure alignment with NIST, ISO 27001/27002, GLBA, SOX, PCI (as applicable).
• Partner closely with Legal and Product on regulatory interpretation and implementation.
• Respond to due diligence inquiries from financial institutions, fintechs, investors, and regulators.
• Oversee corporate IT governance in partnership with the IT Systems Administrator (end-user security, device management, identity, remote access).
• Ensure strong IAM, endpoint protection, DLP, encryption, and secure collaboration tooling.
• Align IT and Security controls with remote-first operating model.
• Lead and mentor security engineers, risk analysts, and IT personnel.
• Build scalable team structure aligned with growth in API volume and institutional adoption.
• Foster a strong security culture where accountability and transparency are embedded across functions.
• Act as a senior advisor to ELT.
• Interface directly with security and risk leaders at major financial institutions and fintech clients.
• Support sales and customer conversations requiring deep technical credibility.
• Represent Akoya in industry forums and working groups (e.g., FDX-aligned initiatives).