Job details

Chief Information Security Officer

Get a free resume review

At TreviPay, we believe loyalty begins at the payment. Thousands of sellers use our global B2B payments and invoicing network to provide choice and convenience to buyers, open new markets and automate accounts receivables. With integrations to top eCommerce and ERP solutions and flexible trade credit options, TreviPay brings 40 years of experience serving leaders in manufacturing, retail and transportation.

Every day, TreviPay employees are challenged and empowered in a supportive, collaborative, entrepreneurial environment.

We are looking for an experienced, hands-on information security practitioner to lead our cybersecurity team. You will have leadership responsibility for protecting our SaaS platform, infrastructure, and customer data while enabling business growth and innovation. This position requires a talented and driven individual who uniquely combines leadership skill, information security expertise, and is a true technologist who likes to roll up their sleeves and work with architects and engineers to help launch software solutions that are secure by design. This position reports to the Chief Product and Technology Officer (CPTO).

Responsibilities:

Strategic Leadership

o Develop and execute a comprehensive information security strategy aligned with business objectives

o Lead the evolution of our security program to address emerging threats and regulatory requirements

o Build and maintain relationships with key stakeholders, including board members, executives, clients, engineering leaders, and regulatory bodies

o Provide regular security status updates and metrics to the board and executive team

Team Leadership

o Continue to evolve and grow TreviPay’s talented and driven information security team through training andcoaching. Attract high performing security professionals to join the team as needed.

o Help foster a security-first culture throughout the organization

o Manage security budget

Security Operations & Architecture

o Lead offensive security and security operations to including, incident response, threat detection, vulnerability management, and forensics

o Direct the design, implementation, and maintenance of our security architecture

o Ensure the security of our cloud infrastructure and SaaS platform

o Stay current with cybersecurity threats and mitigation best practices. Work with the executive team to make strategic decisions related to the company’s security posture and investment

o Work closely with product management and engineering teams to build a deep understanding of the TreviPay product suite and technology infrastructure. Use this understanding to influence priorities and define information security requirements.

o Lead evaluation, adoption, and use of security tools and technologies

o Own the execution of annual PCI-DSS and ISO-27001 certifications to include vendor management and project management of the process.

o Ensure that data privacy requirements are understood and included in all solutions

Work with engineering leaders to define secure coding practices, standards and training

Compliance & Risk Management

o Maintain compliance with PCI DSS, ISO 27001, NIST, and other relevant standards

o Oversee security risk assessments and implement risk mitigation strategies

o Develop and maintain security policies, procedures, and standards

o Ensure compliance with financial services regulations and data protection laws

Requirements:

o 10+ years of combined engineering and information security experience

o 3+ years of leadership experience

o Bachelor’s degree in Computer Science, Information Systems, or equivalent work experience.

o One or more of the following certifications: Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM)

o A deep understanding of and experience with one or more of the following compliance frameworks: NIST, PCI-DSS, ISO 27001, SOC 2.

o An empowering leadership style with a proven ability to build positive, energized teams

o Excellent judgement and critical thinking skills. Able to weigh multiple and often conflicting constraints and make rapid, logical decisions in a fast-moving company with complex financial products

o Direct experience with threat hunting, penetration testing, and red teaming

o Executive-level verbal and written communications skills that can synthesize technical issues into concise points

Why you will love working at TreviPay

· Competitive salary

· Paid parental leave

· Generous paid time off

· Medical, dental, vision, FSA, Life/AD&D, long and short term disability

· 401K matching

· Employee referral program

At TreviPay we believe:

· in saying yes to unique and challenging requirements

· empowered team members are creative team members

· our products make the customer’s day just a little bit better

· work/life balance makes us all more effective

TreviPay is an Equal Opportunity and Affirmative Action Employer. We welcome all veterans and disabled applicants.

Individuals with disabilities will be provided reasonable accommodation to participate in the job application and/or interview process. Please contact Recruiting@trevipay.com to request an accommodation.

TreviPay Glassdoor Company Review

4.0

TreviPay DE&I Review

No rating

CEO of TreviPay

Brandon Spear

Approve of CEO

Average salary estimate

$135000 / YEARLY (est.)

min

max

$120000K

$150000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Chief Information Security Officer, TreviPay

At TreviPay, we’re on the lookout for a Chief Information Security Officer who is not just experienced but ready to roll up their sleeves and take charge of our cybersecurity efforts. With our established B2B payments and invoicing network, safeguarding our SaaS platform, customer data, and infrastructure is vital for enabling business growth and innovation. As the Chief Information Security Officer, you’ll develop and execute a comprehensive security strategy that aligns with our goals while leading our talented cybersecurity team. Your hands-on approach will be crucial in fostering a security-first culture, overseeing security operations, and ensuring compliance with key industry standards like PCI DSS and ISO 27001. You will collaborate closely with engineers and product management to promote secure coding practices and influence system designs that are inherently secure. In this role, you’ll also maintain relationships with key stakeholders both within and outside the company, providing valuable insights through regular security status updates. TreviPay values creativity and unique problem-solving, so your experience in threat hunting and risk assessments will directly contribute to our mission. If you’re ready for a challenge in a supportive, collaborative environment where innovation is encouraged, we’d love to hear from you!

Frequently Asked Questions (FAQs) for Chief Information Security Officer Role at TreviPay

What are the main responsibilities of the Chief Information Security Officer at TreviPay?

The Chief Information Security Officer (CISO) at TreviPay is responsible for developing and executing a comprehensive information security strategy that aligns with business objectives. This includes leading the evolution of the security program to meet emerging threats, managing security operations like incident response and threat detection, and ensuring compliance with pivotal industry standards such as PCI DSS and ISO 27001.