Curve was founded with a rebellious spirit and a lofty vision: to truly simplify your finances, so you can focus on what matters most in life.
That’s why Curve puts your finances simply at your fingertips, so you can make smart choices on how to spend, send, see and save your money. We help you control your financial life, so you can go out and live the life you want to live.
With Curve you can spend from all your accounts and track spending behaviour, while we provide insights and security to protect you from fraud. For the first time, you get bright insights and control of all your money in one beautiful place.
We’re developing a ground-breaking product with our customers at the core. Our user base is growing rapidly and we have exceptional metrics. We have funding from the leading names in tech investment, and a visionary leadership team who wants everyone who joins this remarkable adventure to have the autonomy to masterfully develop their expertise.
Welcome to Curve. On a mission to help you live inspired.
To own and develop Curve’s Cybersecurity domain, ensuring that information assets and technologies are adequately protected. The CISO will oversee and direct all aspects of cybersecurity, risk management, and compliance efforts, working closely with stakeholders to mitigate risks and align security initiatives with business objectives.
Closely aligned to the Curve Technology function, the CISO will have a reporting line to the COO function to assure decision making and prioritisation.
Key Accountabilities:
Security Strategy and Leadership:
* Build and execute a company-wide cyber security strategy and roadmap detailing how cyber security delivers outcomes, to measurably improve the protection of the business from credible threats.
* Identify security vulnerabilities and risks associated with Curve's operations, including partnering with business units to build threat assessment into the product design and engineering processes.
* Serve as a trusted advisor to executive leadership on security trends and risk factors, providing meaningful guidance about threats, security and risk posture.
Risk Management and Compliance:
* Manage and coordinate internal and external network risk assessments, vulnerability assessments, penetration tests and auditing (including PCI & SOC2).
* Responsible for developing and managing Curve’s Cyber and information security programme, including the maintenance of existing policies, procedures, standards and guidelines and the introduction of new policies and controls to reflect changes in technology and regulatory and industry standards (e.g., GDPR, CCPA, ISO 27001, NIST, etc.).
* Oversight of the incident response program, ensuring swift and effective handling of security issues including resolution and subsequent root cause analysis.
* Lead forensic investigations and provide insights on security events to key stakeholders.
* Develop and test business continuity and disaster recovery plans.
Technology and Program Oversight:
* Champion new technologies and enforce the best development patterns and working practices, including providing guidance to the product and engineering teams for secure product development.
* Manage the evaluation, selection and implementation of information security technology and tools.
* Oversee the security awareness training program for employees.
Team Building and Leadership:
* Foster a culture of security awareness across the organization.
* Ability to lead, motivate and develop a cross-functional, interdisciplinary team to achieve both tactical and strategic goals.
* Maintaining a positive and solution-oriented approach to work, providing open and honest feedback.
Skills & Experience:
* You will have at least 3-5 years' experience in a senior Cyber security role and have designed and/or executed a cyber strategy and represented security in C-suite decision making.
* Firm technical and practical understanding of information security best practices such as NIST, ISO 27k, NCSC, Open Web Application Security Project (OWASP), and the ability to assess and score vulnerabilities in environments similar to Curve’s.
* Have a relevant industry-recognised certification such as CISSP, CIPP/E, CISM, CRISC or CISA.
* Understands and keeps an up-to-date working knowledge of the internal & external threat landscape.
* Develop, deploy and lead security compliance strategy to ensure compliance with SOC2, ISO27001, GDPR, PCI DSS, local privacy laws, contractual requirements and globally-recognized standards and guidelines.
* Experience building incident response and management frameworks.
* Understands the overall business architecture and how 3rd parties contribute to the Cyber Security landscape.
* Extensive experience managing third-party information security risk, managing the third-party information security capability and vetting new suppliers.
* Experience designing and auditing networks, services and mobile applications.
* Security Architecture and Assurance - Design assurance reviews and driving improvement, risk identification and mitigation design, assurance processes and procedures.
* Deep understanding and experience with Firewalls, IDS, IPS, SIEM, cloud and on-premise security layers.
* Proactive and a natural collaborator who can be hands-on, with a desire to help and support the business in achieving its objectives along with shared goals.
* Effective influencing skills – providing context & direction, getting buy-in from multiple stakeholders, monitoring performance, motivating staff and building a positive working environment.