Chief Information Security Officer (CISO)
HALO INVESTING, Inc. Chicago, IL

Expired: February 12, 2023 Applications are no longer accepted.
  • Full-Time
Chief Information Security Officer

About Us:

Named by Fast Company in its Top 10 Most Innovative FinTech Companies, Halo Investing is the first independent, multi-issuer platform for defined outcome investing. Halo Investing gives financial advisors, wealth managers and RIAs access to structured notes, buffered ETFs, and annuities. By delivering the best pricing and execution to the clients it serves, Halo is changing the world of investing by democratizing the protective investment marketplace.

In October 2021, Halo announced that it raised over US$100 million in Series C funding. The latest fundraising round was led by Owl Capital and included the Mubadala-backed US$1 billion fund managed by Abu Dhabi Catalyst Partners, in addition to existing investors Allianz Life Ventures and William Blair.

Halo is based in Chicago, with offices in Zurich and Abu Dhabi. We've balanced tremendous growth with strong company culture to create a uniquely motivated, dynamic, and proactive team. Above all, we value collaboration, communication, and passion!

About the Role:

This position is limited to the greater Chicagoland area. We are looking for a Chief Information Security Officer who's passionate about enterprise security! In this role, you'll play an integral role in defining and executing security strategies to protect sensitive company and customer data. Our goal is to engineer security into every aspect of the enterprise. You will work alongside groups within the business and product engineering to design and implement processes, solutions and training that reduce information security risks and exposures from internal and external threats. A successful candidate will be able to assess and identify security risks, communicate and document them, and implement security best practices. He/she will be able to provide consultation on security best practices for internal and customer-facing projects and will develop, implement and maintain security programs for the enterprise. The ability to learn quickly and then execute is vital to this candidate's success.

Primary Responsibilities:
  • Help define & drive strategy for security engineering team.
  • Design, develop, and implement improvements to the security architecture in our production environment, and apply cutting-edge security concepts to enhance security for our customers, partners, users and applications.
  • Apply in-depth knowledge of DR/BCM best practices, and incident response to enhance our resiliency.
  • Work hand-in-hand with our product engineering team to ensure we engineer security into our products; work closely with all our business partners and units to engineer security best practices into our processes.
  • Assess the security of planned features and applications as well as our core infrastructure, partnering with the relevant teams to identify and mitigate risks prior to release.
  • Perform routine security audits and assessments in support of our ISO-27001 certification, SOC 2 efforts, and as part of our existing security plan.
  • Develop, deliver, and participate in social engineering exercises.
  • Automate security controls wherever appropriate using tools such as Tines, AutomationAnywhere, or UIPath.
  • Experience with setup and maintenance of SIEMs.
  • Experience in mobile device management (MDM) technologies.
  • Deliver focused security training on best practices.
  • Provide guidance and technical mentorship for junior resources to help them grow and do the best work of their careers.
  • Help attract top level talent and lead the technical direction of the team.
  • Assist with vulnerability scanning and penetration testing and other assessment exercises.
  • Employ OSINT (open source intelligence) tools and practices to proactively identify threats and vulnerabilities.
  • Knowledge and/or experience with fraud risk assessment concepts.
  • Experience with vendor management and third-party risk management.
  • Knowledge of encryption concepts and implementation.
  • Knowledge and experience in securing cloud infrastructures (AWS, Azure, or GCP).

Required Education and Experience:

  • 10+ years of experience in information security.
  • Experience developing, implementing, and monitoring a strategic, comprehensive information security and IT risk management program.
  • Bachelor's or Master's degree in Computer Science or Information Systems.
  • 5+ years experience securing network and perimeter infrastructures.
  • 5+ years experience with identity and access management (OKTA, Auth0, SAML, IAM, etc.).
  • 3+ years experience in Python.
  • Network+, Security+, CISSP or any accredited security certifications.
  • If you do not have the CISSP, then must be willing to obtain it within 15 months of joining Halo Investing.
  • Knowledge of Wi-Fi security protocols and troubleshooting.
  • Knowledge of full-stack development concepts.
  • Experience with data loss prevention and endpoint security products.
  • Experience in setting up and maintaining WAFs (web application firewalls).
  • Experience with major IaaS/PaaS providers (AWS, Azure, GCP).
  • Knowledge of industry-standard security frameworks, technologies, protocols, and best practices including but not limited to NIST, ISO/IEC, SOC 2, and OWASP.
  • Understanding of database functionality and security.
  • Familiarity with programming languages (Python, Java, etc.) and automation of system tasks.
  • Familiarity with Agile practices and CI/CD concepts.
  • Familiarity with SAST/DAST tools - implementation and maintenance.
  • Experience in communicating and leading discussions regarding technical solutions or problems to varying levels of the organization.
  • Experience developing and maintaining strong relationships with partners, key vendors, and customers.
  • Ability to think creatively to solve problems and continuously improve.
  • Knowledge of enumeration (nmap / zenmap), Kali Linux, vulnerability scanning tools (Nessus, ZAP, BurpSuite) and penetration testing concepts.
  • Knowledge of security frameworks such as NIST, NYDFS, OWASP, and ISO-27001.
  • Strong understanding of the global data protection regulatory framework with a focus on GDPR and US data protection regulations.
  • Experience operating in high transaction environments with complex security, operational and regulatory requirements.


Benefits:
  • Competitive Compensation
  • Comprehensive Medical and Dental
  • 401k Program
  • Unlimited PTO
  • Paid Parental Leave
  • Flexible Hybrid WFH Environment
  • Fun & Exciting work environment, including free snacks and onsite pop-a-shot
  • Flexible and highly collaborative work environment


Halo Values Diversity and Inclusion. We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, national origin, disability status, protected veteran status, or any other characteristics protected by federal, state, or local laws, regulations, or ordinances. If you need assistance or accommodation due to disability or special need when applying for a role or during our recruitment process, please contact us at: hr@haloinvesting.com

Address

HALO INVESTING, Inc.

Chicago, IL
60606 USA

Industry

Technology
