Information and Cybersecurity Lead

TITLE:  Information & Cyber Security Lead

LOCATION: Remote

REPORTS TO: VP of Technology                

KEY RELATIONSHIPS AND TEAM: The Information & Cyber Security Lead will work closely with key stakeholders across the organization, including IT, product, legal, operations, and shared services departments. As the leader of Information & Cyber Security, you will guide, mentor and drive the overall security strategy. You will work alongside the broader IT team to ensure security is embedded within every aspect of system development, from design to deployment. The role requires strong collaboration with leadership to ensure strategic objectives align with business needs, as well as close interaction with external auditors and third-party vendors to maintain industry certifications.

THE OPPORTUNITY: As the Information & Cyber Security Lead, you will be a vital member of the team, entrusted with the responsibility of ensuring the integrity, confidentiality, and availability of the organization’s information systems. You will lead the design, implementation, and management of the security measures that protect our business’s sensitive data and digital assets. Your leadership will ensure that security best practices are embedded across all internal systems, digital transactions, and technologies used by staff. The role involves proactive risk management, incident response, security training and awareness, as well as the continuous improvement of the company’s security posture. You will have the opportunity to shape the future of our security infrastructure, influence security culture, and make a lasting impact on the safety and integrity of our digital landscape. Your expertise will be crucial in fortifying the company’s defenses against evolving cyber threats while ensuring regulatory compliance. 

Specifically, the Information & Cyber Security Lead will have responsibility to:

• Provides a framework for security oversight of internally developed systems within our business landscape. Defines expected outcomes of secure digital transactions
•  Ensure the list of risks and exposures has actively managed mitigation strategy and progress to completion
• Well managed and communicated response to security incidents which minimize exposure
• Ensuring information security is a top priority for every employee and is central to our approach for all technology built or used by staff, including security awareness programs are documented and compliance is tracked and communicated internally.
• Provide a path to continuous improvement of our security posture and capabilities
• Ensure the list of risks and exposures has actively managed communication plan, KPIs are documented and well distributed
• Architecture aligned security roadmap encompassing all at rest and in-flight transactions and storage mechanisms
• Take full ownership of the SOC audit and controls process, working closely with external auditors to ensure compliance with relevant industry-standard certifications.
• Ensuring overall information/cyber security compliance with applicable, industry standard certifications
• Other duties as assigned.

Professional Qualifications: 

The following knowledge, skills, education, and experiences are required:

• Bachelor’s degree in computer science or related field 
• Minimum of 7 years of experience in information security
• Minimum 2 years in a lead or senior InfoSec role
• Proven experience designing and implementing security frameworks for enterprise applications and systems.
• Expertise in risk management, security incident response, and mitigation strategies.
• Strong knowledge of security protocols, encryption technologies, and regulatory compliance requirements (e.g., GDPR, PCI DSS, HIPAA).
• Experience in developing security awareness programs and training materials for staff.
• Strong analytical skills with the ability to translate complex security issues into actionable solutions.
• Experience with industry-standard certifications and frameworks (ISO 27001, NIST, etc.).
• Exceptional verbal and written communication skills, with the ability to engage both technical and non-technical audiences.
• Ability to work collaboratively with cross-functional teams.

The following knowledge, skills, education, and experiences are required:

• Background in automotive lending, fintech, auto finance industry, or loan servicing a plus

Why Consider Joining FIS now?

• The business is poised for accelerated growth 
• This role provides the chance to advance your career in a dynamic, fast-paced environment where your contributions will be highly valued.
• The company's story is one of protecting financial institutions and consumers alike with respect to F&I products
• Competitive salary and performance-based bonuses
• Comprehensive benefits including medical, dental, vision, life insurance, and more.
• Generous PTO policy and paid holidays.
• Collaborative, supportive, and innovative work environment. 

 The following behaviors are required:

• Leadership & Mentorship: Guide and mentor team members, fostering professional growth and enhancing the overall security team’s capabilities.
• Collaboration: Work closely with IT, product, legal, operations, and shared services departments to ensure security is embedded throughout system development, from design to deployment.
• Security Strategy: Lead the development and implementation of the organization’s security strategy in alignment with business objectives.
• Risk Management: Proactively manage risks and exposures, ensuring that mitigation strategies are actively tracked and completed.
• Incident Response: Manage and communicate security incidents effectively, minimizing exposure and ensuring timely response.
• Security Awareness: Ensure that security is prioritized across the organization, fostering a culture of security awareness and tracking compliance.
• Continuous Improvement: Drive the continuous improvement of security posture and capabilities, adapting to evolving threats.
• Communication: Maintain clear and consistent communication regarding security risks, incidents, and mitigation efforts with both technical and non-technical stakeholders.
• Compliance: Ensure compliance with industry standards and certifications, such as GDPR, PCI DSS, and HIPAA, and work with auditors and third-party vendors to maintain certifications.
• Architecture & Roadmap: Define and implement a security architecture aligned with the business needs, ensuring the protection of data during storage and transit.
• Analytical Thinking: Translate complex security issues into practical, actionable solutions.
• Security Frameworks: Develop and implement security frameworks for enterprise applications, ensuring strong protection of sensitive information.
• Cross-functional Engagement: Collaborate effectively with cross-functional teams, ensuring security is integrated into every part of the organization.

F&I Sentinel is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status, or other characteristics protected by law.