What You’ll Do
1. Information Security Program Development
- Design, implement, and maintain a comprehensive Information Security Program consistent with FDIC guidance (e.g., FIL-66-2019, FIL-13-2021) and the Interagency Guidelines Establishing Information Security Standards.
- Develop and oversee policies, standards, and procedures governing cybersecurity, data protection, and incident response.
- Ensure alignment with the Bank’s overall risk management and governance frameworks.
- Provide regular reporting to executive management and the Board on the Bank’s security posture, emerging risks, and mitigation efforts.
2. Cybersecurity and Threat Management
- Establish and manage a threat monitoring and detection capability to identify, assess, and respond to cybersecurity risks.
- Oversee implementation of layered security controls (e.g., network segmentation, encryption, access controls, endpoint protection, vulnerability management).
- Lead the Bank’s Incident Response Program, ensuring timely escalation and coordination with regulators when required.
- Maintain relationships with information-sharing groups (e.g., FS-ISAC) and law enforcement to stay informed of emerging threats.
3. Third-Party and Affiliate Risk Oversight
- Evaluate the information security posture of third-party and affiliate service providers in accordance with the Bank’s Vendor Management Program and FDIC third-party risk guidance.
- Establish due diligence, ongoing monitoring, and contractual requirements for vendors handling sensitive data or performing critical services.
- Coordinate with Operations, Compliance, and Internal Audit to ensure third-party risks are identified, assessed, and mitigated.
4. Data Governance and Privacy Protection
- Ensure compliance with applicable privacy and data protection requirements (e.g., GLBA, Regulation P, state privacy laws).
- Implement processes to safeguard customer information and prevent unauthorized access, disclosure, or misuse.
- Partner with business and technology teams to integrate privacy-by-design principles into new products and services.
5. Business Continuity and Resilience
- Lead development and testing of the Bank’s Business Continuity and Disaster Recovery (BC/DR) plans, ensuring they are integrated with information security objectives.
- Coordinate regular testing and simulations to validate readiness for cyber incidents and system disruptions.
- Support resilience planning for key systems, vendors, and communication protocols.
6. De Novo and Pre-Opening Readiness
- Build and document the Bank’s information security program as part of the de novo application process.
- Establish security architecture, monitoring tools, and vendor relationships prior to launch.
- Prepare readiness materials for FDIC and state examinations related to cybersecurity and operational resilience.
- Ensure security risk assessments and third-party reviews are completed and incorporated into pre-opening milestones.
7. Leadership and Culture
- Serve as the Bank’s senior advocate for cybersecurity and data protection, promoting a culture of security awareness and accountability.
- Provide training and guidance across the organization to enhance information security awareness.
- Collaborate with peers in Risk, Compliance, Operations, and Technology to align security priorities with business strategy.
- Build and lead a capable, mission-driven security team to support the Bank’s evolving needs.
What We Look For
- Minimum of 10 years of information security and technology risk management experience, with at least 5 years in a leadership capacity at a regulated financial institution or Fintech.
- Demonstrated experience designing and implementing information security programs compliant with FDIC and FFIEC standards.
- Strong familiarity with third-party risk frameworks and financial services cybersecurity expectations.
- Experience leading incident response, penetration testing, and security operations in cloud-based and hybrid environments.
- Proven ability to communicate complex technical topics to executive leadership, the Board, and regulators.
- Strong leadership, analytical, and problem-solving skills with a risk-based and pragmatic approach to decision-making.
Core Competencies
- Expert knowledge of information security principles, frameworks, and regulatory requirements.
- Strategic thinker with strong operational execution and control discipline.
- Effective communicator capable of influencing across technical and business functions.
- Collaborative leader who fosters a culture of accountability, awareness, and continuous improvement.
Affirm Values
At Affirm, we live by our values: People Come First, No Fine Print, It’s On Us, Simplify, and Push the Envelope. As CCO, you will embody these principles while building the foundation of Affirm Bank as a trusted, transparent, and innovative financial institution.