Head of Information Security (CISO)
Revolut
Remote: US
About Revolut
People deserve more from their money. More visibility, more control, and more freedom. Since 2015, Revolut has been on a mission to deliver just that. Our powerhouse of products — including spending, saving, investing, exchanging, travelling, and more — help our 65+ million customers get more from their money every day.
As we continue our lightning-fast growth, 2 things are essential to our success: our people and our culture. In recognition of our outstanding employee experience, we've been certified as a Great Place to Work™. So far, we have 10,000+ people working around the world, from our offices and remotely, to help us achieve our mission. And we're looking for more brilliant people. People who love building great products, redefining success, and turning the complexity of a chaotic world into the simplicity of a beautiful solution.
About the role
Our Information Security team protects Revolut's systems, data, and people. They combine technical expertise with a proactive, risk-based mindset to stay ahead of threats and keep our technology and customers secure at every step.
We're looking for a highly technical and detail-oriented Head of Information Security to ensure best practices in our IT and Information Security function in the US. You'll collaborate with external stakeholders, our Board of Directors, and the 1LoD Technology team to ensure our security posture meets the highest standards of the US banking industry and is accurate and compliant.
Up to shape what's next in finance? Let's get in touch.
What you’ll be doing
- Leading 2LoD InfoSec risk, providing oversight to the 1LoD (IT/InfoSec operations) to ensure security controls are robust and effective
- Designing and maintaining the Enterprise Information Security Risk Management Framework, ensuring it aligns with NIST CSF 2.0, FFIEC guidelines, and the bank's overall risk appetite
- Serving as the primary point of contact for regulatory examinations, and delivering independent risk briefings and metrics to the risk committee
- Establishing and overseeing InfoSec and IT risk policies, ensuring they meet US federal regulations and industry best practices
- Conducting independent assessments of the bank’s technology stack, cloud environments, and emerging threats
- Defining and monitoring key risk indicators (KRIs) to track the health of the security program, and escalating breaches of risk tolerance to senior management
- Providing 2LoD oversight of the bank’s vendor security program, including reviews of critical third-party technology providers
- Promoting a firm-wide culture of risk ownership, ensuring that security awareness is embedded in every business line, not just IT
What you'll need
- 10+ years in InfoSec or IT risk management, with 3+ years in a senior leadership/2LoD role within a US-regulated bank or financial institution
- Expertise in US banking regulations and standards, specifically FFIEC IT Examination Handbooks, GLBA, and NIST CSF
- A proven ability to manage a risk function that is purposefully detached from day-to-day IT operations, while still maintaining a collaborative partnership with the CIO
- A solid understanding of the Three Lines of Defense model and the ability to differentiate between running security and overseeing risk
- Advanced knowledge of modern security architectures, including Zero Trust and cloud security (AWS/GCP)
- An exceptional ability to translate complex technical risks into financial and operational terms for the Board and non-technical stakeholders
- A bachelor’s degree in a relevant field
- A CISSP or CISM
Nice to have
- A CRISC or CISA
- Experience leading a cybersecurity program through a successful regulatory full-scope examination
- Prior experience in a Big 4 cyber risk advisory or internal audit role focused on financial services
Compensation range
- US: $195,700 - $206,000 gross annually*
- Other locations: Compensation will be discussed during the interview process
*Final compensation will be determined based on the candidate's qualifications, skills, and previous experience
Building a global financial super app isn’t enough. Our Revoluters are a priority, and that’s why in 2021 we launched our inaugural D&I Framework, designed to help us thrive and grow every day. We're not just doing this because it's the right thing to do. We’re doing it because we know that seeking out diverse talent and creating an inclusive workplace is the way to create exceptional, innovative products and services for our customers. That’s why we encourage applications from people with diverse backgrounds and experiences to join this multicultural, hard-working team.
Important notice for candidates:
Job scams are on the rise. Please keep these guidelines in mind when applying for any open roles.
• Only apply through official Revolut channels. We don’t use any third-party services or platforms for our recruitment.
• Always double-check the emails you receive. Make sure all communications are being done through official Revolut emails, with an @revolut.com domain.
We won't ask for payment or personal financial information during the hiring process. If anyone does ask you for this, it’s a scam. Report it immediately.
