Chief Information Security Officer

About the job

AvidXchange is seeking a Chief Information Security Officer to play a critical role in safeguarding our company‘s sensitive information, intellectual property, and customer data. You will be responsible for developing and implementing robust information security strategies, policies, and procedures, ensuring compliance with industry regulations and standards, and proactively identifying and mitigating cybersecurity risks. This role requires a seasoned professional with a deep understanding of financial technology, regulatory compliance, and a track record of successfully leading information security initiatives in a high-growth environment.

Join us in our mission to redefine the financial landscape with innovation, security, and seamless money movement. As our Chief Information Security Officer, you will be at the forefront of safeguarding our company and customer data while ensuring compliance with industry regulations, making a significant impact on the fintech industry’s future.

What You’ll Do

• Provide visionary leadership and strategic direction for the company‘s information security program.
• Collaborate with the board, executive and senior management and other stakeholders to align security initiatives with business objectives.
• Build and lead a skilled and motivated information security team to execute security strategies effectively.
• Stay current with relevant financial industry regulations, laws, and best practices, ensuring the company‘s compliance.
• Execute the company’s PCI compliance program and other data privacy initiatives.
• Develop and maintain a comprehensive understanding of money movement regulatory requirements and ensure that our systems and practices are in accordance with these guidelines.
• Conduct regular risk assessments to identify and prioritize cybersecurity risks and vulnerabilities.
• Engage with key partners and customers, including prospects, on information security related matters
• Implement effective risk mitigation strategies and controls to safeguard critical assets and data.
• Oversee incident response plans and lead efforts to respond effectively to security incidents and breaches.
• Develop, implement, and maintain information security policies, standards, and guidelines.
• Conduct regular audits to ensure adherence to security policies and recommend improvements as needed.
• Promote a strong security culture within the organization through training and awareness programs.
• Educate employees and stakeholders about cybersecurity best practices and potential risks.
• Evaluate the security posture of third-party vendors and partners, ensuring compliance with security requirements.
• Establish vendor risk management processes to minimize potential security risks associated with external collaborations.
• Lead the response to security incidents, coordinating efforts across relevant teams.
• Conduct post-incident analysis and implement measures to prevent future occurrences.
• Evaluate and recommend security technologies, tools, and services to enhance the company‘s cybersecurity capabilities.
• Ensure the security of the company‘s networks, systems, and applications through regular assessments and vulnerability management.

What We’re Looking For

• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field. Advanced certifications in information security, such as CISSP, CISM, or CISA, are highly desirable.
• Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.
• Proven experience in the fintech industry, preferably in a company dealing with money movement and financial transactions.
• In-depth knowledge of: money movement regulatory requirements and compliance frameworks, such as PCI-DSS, NYDFS cybersecurity regulations, GDPR, and AML/KYC; IT general controls (ITGC), and system and organization controls reports (SOC reports).
• Strong understanding of cybersecurity best practices, risk management, and incident response.
• General understanding of public company requirements as it relates to cyber security