Cybersecurity Lead

New York, NY
Engineering
Full-time
Who We Are: 
Ocrolus is a fintech infrastructure company that transforms documents into actionable data with over 99% accuracy. Powered by Artificial Intelligence and a unique human-in-the-loop data validation process, Ocrolus plugs directly into customer workflows via API, eliminating the need for manual data work. The solution includes built-in fraud detection and analytics, enabling customers to make smarter and faster business decisions with unprecedented precision.

Use-cases include loan underwriting, account openings, invoice processing, and other document-intensive processes. Ocrolus has raised over $30 million in venture capital, backed by Oak HC/FT, FinTech Collective, Bullpen Capital, and QED Investors, among others.


We’re looking for a Cybersecurity Lead with broad security experience to build out and mature the Information Security Program at a rapidly growing FinTech startup. The Cybersecurity Lead will have knowledge of industry best practices as well as modern solutions, and will be a proactive hands-on leader who will collaborate with the rest of the organization to help Ocrolus manage cybersecurity risk. We need someone with a strong and successful track record of solving hard problems using out-of-the-box thinking and leveraging modern technologies and solutions to support the program.

Responsibilities

    • Mature the Information Security Program to align with industry best practices, standards and guidance related to cybersecurity such as NIST (including CSF, 800-53), ISO 270xx, CSA, AICPA SOC 2, 23 NYCRR, FINRA, FFIEC
    • Design and implement best-in-class scalable security solutions in close collaboration with the Engineering organization
    • Promote secure design of systems and infrastructure in line with industry standards and best practices (including OWASP, CIS) including application of secure coding practices across the engineering organization, conducting security reviews of new features, leveraging industry tooling to automate and improve the security review
    • Continue to evolve the vulnerability management program, monitor systems for vulnerabilities and address them based on criticality
    • Monitor and respond to threats and potential security incidents

Requirements

    • Proven experience implementing an Information Security Program aligned with NIST 800-53, NIST CSF, ISO 270xx, 23 NYCRR, FINRA, CSA, AICPA SOC 2 (NIST and ISO listed at a minimum)
    • Practical experience designing and implementing cloud security solutions within an AWS environment
    • Practical knowledge of secure coding practices (including OWASP, CIS) 
    • Experience working with cybersecurity vendors for security assessments 
    • Hands on experience provisioning, configuring and securing systems and applications
    • Experience in Financial Services, FinTech or similar highly regulated industry a plus
    • Minimum 5-10 years of experience in an information security/cybersecurity senior role
    • Being a strong problem-solver with good communication and collaboration skills
    • Being flexible, a self-starter, and a fast-learner

We’re a young and rapidly growing FinTech company - if you have ever wanted to jump on a rocket ship as it’s taking off, now is your chance!