Vestwell

Chief Information Security Officer

At a Glance

Location: New York, United States
Experience: 10+ years
Posted: 2026-02-26T12:44:50-05:00

Key Requirements

Domain Knowledge

  • Cybersecurity
  • Engineering
  • Finance
  • Legal
  • Regulatory

Benefits & Perks

Health Insurance

We offer competitive health coverage and a generous vacation offering. We have

Requirements

The Vestwell Technology organization seeks an exceptional CISO to define and lead our enterprise-wide security strategy. The ideal candidate is a visionary and pragmatic security leader who can translate complex risk into business outcomes, influence across the company and Board, and scale programs that protect our customers, partners, and platform. They bring proven experience building and maturing security programs aligned to leading frameworks, navigating financial services regulatory requirements, and fostering a security-first culture across product, engineering, operations, and all corporate functions. They are as comfortable in the SOC as they are in the boardroom, with equal fluency in technology, governance, and business risk.

The Necessities

10+ years of progressive experience in cybersecurity with 5+ years leading enterprise security programs or functions; proven leadership in high-growth or highly regulated environments.

Demonstrated success designing and operating security programs aligned to leading frameworks and sustaining regulatory compliance and audit readiness.

Expert ability to identify, prioritize, and communicate risk; proven track record translating complex technical concepts into actionable insights and decisions for executive, Board, and technical audiences.

Responsibilities

Own the enterprise information security vision, multi-year strategy, roadmap, and governance model that align to Vestwell’s business goals and growth.

Build, lead, and develop a high-performing security organization; attract and mentor top talent and scale operating models and processes to meet Vestwell’s future needs.

Evaluate current security technologies and capabilities (e.g., endpoint protection, monitoring/telemetry, DLP, IAM/zero trust, secret management, vulnerability and patch management) and recommend any changes or additions needed to elevate Vestwell’s security posture.

Build and mature a comprehensive security program grounded in recognized frameworks (e.g., NIST, ISO 27001, CIS Controls), including policy architecture, control implementation, and continuous improvement and audit readiness.

Establish and operationalize key cybersecurity metrics and KRIs/KPIs; provide concise, decision-oriented reporting to executive leadership and key stakeholders.

Champion a security-first culture via company-wide awareness, training, and targeted education (e.g., phishing exercises), and ensure policies are well-understood and adopted.