Chief Information Security Officer (CISO)

- Develop, communicate, and implement a robust, risk-based, and continuously advancing information security strategy that aligns with business objectives and regulatory necessities, including CFTC guidelines and emerging security standards. - Provide direct reports to the President, including regular, concise, and comprehensive updates on security and risk to the Executive Leadership Team and Board of Directors. - Drive the establishment and reporting of Key Performance Indicators related to the companys security measures. - Collaborate closely with the Chief Risk Officer (CRO) to integrate information security risk management into the overall enterprise risk management framework. - Create and enforce security policies, standards, and procedures across all technical infrastructures, applications, and business processes. - Oversee all aspects of security operations, including threat intelligence, vulnerability management, security monitoring, incident detection, and response across the technology landscape (trading, clearing, corporate IT, and data platforms). - Ensure the security of critical data and systems, including overseeing the secure software development lifecycle (SDLC), network security, and cloud security architecture in partnership with the DevOps team. - Strategize and implement management, security, and auditing for cryptographic keys and critical system secrets. - Supervise the companys incident response and disaster recovery/business continuity planning regarding information security, ensuring 24/7/365 readiness. - Manage third-party security assurance activities, including vendor evaluations, due diligence, penetration testing, and vulnerability assessments. - Act as the principal liaison for the CFTC, external auditors, and other regulatory bodies concerning all cybersecurity and information security compliance issues. - Maintain ongoing compliance with all relevant financial regulatory frameworks, including CFTC regulations applied to DCMs and DCOs, along with other applicable standards (e.g., NIST Cybersecurity Framework, ISO 27001). - Oversee internal and external security audits and lead remediation efforts for identified findings. - Build, mentor, and guide a high-performing team of information security professionals (analysts, engineers, and architects). - Manage the security budget, technology acquisition, and vendor relationships to ensure effective and economical security controls. - Direct security awareness and training initiatives for all employees. - Collaborate with Legal, HR, and executive management in formulating policies and managing incidents.