CISO

📋 Description

• Own Rain's information security and compliance strategy with ISO 27001 focus.
• Lead security compliance programs (ISO 27001, SOC 2, vendor risk, customer reviews).
• Design and improve Rain's security governance framework (policies, standards, risk processes).
• Partner with Engineering, Infrastructure, Product, Legal, and Ops to embed security requirements.
• Lead external audits, certifications, and assessments; primary contact for auditors.
• Translate regulatory and partner security requirements into scalable controls.
• Own risk management lifecycle: identify, assess, prioritize, report to execs.
• Establish and track security metrics and risk reporting to execs and the board.
• Oversee incident response governance to meet compliance expectations.

🎯 Requirements

• 8-12+ years in information security, GRC, or leadership roles; ownership of programs.
• Hands-on ISO 27001 certification leadership (initial and/or surveillance audits).
• Experience as security leader in high-growth fintech/payments or regulated environments.
• Strong governance, risk management, and control frameworks knowledge (ISO 27001/27002, SOC 2, NIST).
• Proven ability to partner with engineering to implement controls in cloud-native apps.
• Experience managing third-party risk, customer security questionnaires, and enterprise security reviews.
• Ability to clearly communicate risk and priorities to executives and non-technical stakeholders.

🎁 Benefits

• Unlimited time off; take at least 10 days.
• Flexible working; option to work from home with a home environment stipend.
• Comprehensive health, dental, and vision plans plus family coverage.
• 401(k) with a 4% company match.
• Equity option plan for all Rainmakers.
• Rain Cards for testing core products.
• Health and Wellness spending support.
• Team summits domestically and internationally.