Varo is an entirely new kind of bank. All digital, mission-driven, FDIC insured and designed for the way our customers live their lives. A bank for all of us.
The Deputy Chief Information Security Officer (CISO) reports to the Chief Operational Risk Officer (CORO) and works closely with the CORO, the Chief Risk Officer (CRO), Varo’s executive leadership (ex: CTO) as well as business partners to protect the confidentiality, integrity and availability of customers’ information and financial assets. The Deputy CISO is responsible for overseeing the design, implementation, monitoring, and governance of Varo’s information security framework. With the CORO, you’ll build an accountable, information security-conscious culture and an information security program built on high-quality standards and controls that are regularly tested and reported and that meet regulatory expectations for a bank. The Deputy CISO will be a thought leader in financial crimes prevention and management, and work in close partnership with their Fraud, Operations and BSA/AML Risk colleagues.
What you'll be doing
- Manage the second line information security function by performing credible challenge of first line programs and driving oversight, governance, and reporting
- In partnership with IT, develop, maintain, and publish up-to-date information security policies, procedures, standards, controls, and guidelines
- Lead the training and dissemination of such policies, procedures, standards, controls, and guidelines
- With the CRO and CORO, develop and oversee the monitoring and continuous improvement of a risk-based enterprise security program across all cyber-security risk domains including cyber risk management, threat intelligence, cybersecurity controls, external dependency management, cyber incident management, and resilience
- Partner with Fraud and Anti-Money Laundering teams to develop a holistic financial crimes program for Varo that is innovative and powerful in its ability to detect and prevent illegal activity and to protect our customers
- Partner closely with Privacy Officer to lead and influence around data protection, governance and management practices
- Conduct risk assessments (ex: GLBA) and testing with other 2LOD subject matter experts to ensure that appropriate controls are in place and are effective
- Assist the CRO and CORO in preparing and reporting progress against remediation plans at least annually to the Board and quarterly to the Enterprise Risk Committee
- Assist in the creation and management of information security awareness training programs for all employees and contractors, including role-based training for those with specialized security responsibilities
- Coordinate information security projects and initiatives together with resources from technology and business line teams
- Ensure that information security programs are in compliance with relevant laws, regulations, and policies to minimize risk and audit findings
- Advise the first line during security incidents and events to help protect corporate assets, including intellectual property, data, and Varo’s reputation
- Be a key member of and assist in the management of Varo’s Crisis Management Team
- Execute table-top exercises and simulations to prepare participants for their roles in a crisis
- Balance the protection of information assets with the needs of the business
- Seamlessly flex between information security strategy and executing day-to-day
You’ll bring the following required skills and experiences
- Progressive experience in information security with a combination of risk management, information security, and IT-related responsibilities with regulated financial institutions and/or fintech companies, or the equivalent experience in regulatory organizations or consulting services with a concentration in IS/IT disciplines within banking/fintech
- Bachelor’s Degree required or equivalent work/military experience; graduate study preferred
- 10+ years of experience in a senior leadership role with increasing levels of responsibilities
- Experience with information security frameworks. Knowledge of NIST, ISO, SOC 2, PCI, and/or COBIT. Familiarity with the Cyber Security Assessment Tool (CAT). Familiarity with IS-related laws, rules, regulations and best practices
- Experience with third-party service provider due diligence, negotiations, oversight, and monitoring
- Ability to establish the foundational success factors of a small, remote, and diverse team
- Proven track record and experience in developing information security policies and procedures as well as successfully executing programs that meet excellence objectives in a dynamic environment
- Thorough understanding of IT operations and the role and impact of information security on these operations
- One or more of the following professional certifications: CISSP, CISM, CERT, CISA, etc
- Experience in communicating (formal/written and in person) and collaborating with senior Executives and Regulators, and fostering production partnerships with all
We recognize not everyone will have all of these requirements. If you meet most of the criteria above and you’re excited about the opportunity and willing to learn, we’d love to hear from you!
We are currently not accepting applicants for this role from CA, CO, WA, IL, or NY.
About Varo
Varo launched in 2017 with the vision to bring the best of fintech into the regulated banking system. We’re a new kind of bank – all-digital, mission-driven, FDIC-insured, and designed around the modern American consumer.
As the first consumer fintech to be granted a national bank charter in 2020, we make financial inclusion and opportunity for all a reality by empowering everyone with the products, insights, and support they need to get ahead. Through our core product offerings and suite of customer-first features, we aim to address a broad range of consumer needs while profitably serving underserved communities that have been historically excluded from the traditional financial system.
We are growing quickly in our hub locations of San Francisco, Salt Lake City, and Charlotte along with colleagues located across the country. We have been recognized among Fast Company’s Most Innovative Companies, Forbes’ Fintech 50, and earned the No. 7 spot on Inc. 5000’s list of fastest-growing companies across the country.
Varo. A bank for all of us.
Our Core Values
- Customers First
- Take Ownership
- Respect
- Stay Curious
- Make it Better
Learn more about Varo by following us:
Facebook - https://www.facebook.com/varomoney
Instagram - www.instagram.com/varobank
LinkedIn - https://www.linkedin.com/company/varobank
Twitter - https://twitter.com/varobank
Engineering Blog - https://medium.com/engineering-varo
SoundCloud - https://soundcloud.com/varobank
Varo is an equal opportunity employer. Varo embraces diversity and we are committed to building teams that represent a variety of backgrounds, perspectives, and skills. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
Beware of fraudulent job postings!
Varo will never ask for payment to process documents, refer you to a third party to process applications or visas, or ask you to pay costs. Never send money to anyone suggesting they can provide work with Varo. If you suspect you have received a phony offer, please e-mail careers@varomoney.com with the pertinent information and contact information.
CCPA Notice at Collection for California Employees and Applicants:
https://varomoney.box.com/s/q7eockvma9nd2b0utwryruh4ze6gf8eg
For cash compensation, we set standard ranges for all US-based roles based on function, level, and geographic location, benchmarked against similar-stage growth companies. Per applicable law, the salary range for this role is $140,000 - $200,000. Final offer amounts are determined by multiple factors as well as candidate experience and expertise and may vary from the identified range.