[Hiring] Information Security Lead @Pivotal Talent Search

Role Description

We are seeking an Information Security Lead to develop and own the security governance, compliance, and risk programs for a growing financial services organization. You will be a team of one to author the Written Information Security Program (WISP), operationalize it, and lead SOC 2 readiness and audits, partnering with IT, Legal, and other stakeholders to support security governance as the organization grows through acquisitions.

• Own and maintain the Written Information Security Program (WISP), including jurisdiction-specific requirements (e.g., GLBA, SEC Reg S-P, state-level data security obligations), and maintain supporting security and privacy policies, standards, and procedures. This includes access data handling, business continuity and incident response governance, inter-company agreements, and use of AI.
• Lead SOC 2 Type I readiness and audit, then operate the ongoing program for SOC 2 Type II.
• Work with IT and Engineering to define control requirements and verify evidence for technical and operational controls across platforms such as Microsoft 365 and AWS.
• Manage compliance in Vanta, including evidence collection and periodic access reviews, and define standards for access levels working with IT.
• Identify and document security and compliance risks, track remediation with control owners, and provide transparency of risk status and priorities for leadership.
• Run security risk assessments for tier-1 vendors, including reviews, risk acceptance, and renewals.
• Define the program structure and readiness plan for CCPA as a future initiative, and partner with Legal and Operations to execute once it moves to the top of the roadmap.

Qualifications

• Bachelor’s degree (or equivalent years of experience) in a related field.
• 5+ years of hands-on experience in GRC, security compliance, IT audit, or security program management.
• Hands-on experience delivering or operating a SOC 2 program, including readiness, evidence, and audits.
• Ability to translate policies into clear controls to implement and audit over time.
• Direct experience operating end-to-end compliance programs including evidence systems, workflows, and issue tracking.
• Excellent written communication and documentation skills with the ability to drive progress through influence rather than authority.
• Comfortable working as a team of one in a high-growth environment.

Requirements

• Financial services, fintech, or other highly regulated industry experience.
• Familiarity with GLBA, SEC Reg S-P, NIST CSF, ITGC concepts, and vendor risk practices.
• Experience with Vanta or similar security compliance platforms.
• Experience supporting security governance during acquisitions or system integrations.
• Security certifications such as CISA, CRISC, or CISSP are a plus.