Mature and execute Akoya’s enterprise risk management (ERM) framework.
Develop and track key risk indicators (KRIs) aligned with business OKRs.
Lead third-party risk management across fintech partners, vendors, and service providers.
Conduct product risk assessments across new open finance capabilities.
Support regulatory readiness related to CFPB Section 1033 and evolving open banking requirements.
Lead day-to-day execution of Akoya’s cybersecurity program across product, infrastructure, and corporate environments.
Operationalize secure-by-design principles across SDLC in partnership with Engineering.
Oversee vulnerability management, penetration testing, red teaming, and incident response.
Drive continuous improvement of zero-trust cloud architectures (AWS-centric).
Enhance monitoring, automation, and threat intelligence capabilities.
Own operational execution of SOC 2 Type II and other certifications.
Ensure alignment with NIST, ISO 27001/27002, GLBA, SOX, PCI (as applicable).
Partner closely with Legal and Product on regulatory interpretation and implementation.
Respond to due diligence inquiries from financial institutions, fintechs, investors, and regulators.
Oversee corporate IT governance in partnership with the IT Systems Administrator (end-user security, device management, identity, remote access).
Ensure strong IAM, endpoint protection, DLP, encryption, and secure collaboration tooling.
Align IT and Security controls with remote-first operating model.
Lead and mentor security engineers, risk analysts, and IT personnel.
Build scalable team structure aligned with growth in API volume and institutional adoption.
Foster a strong security culture where accountability and transparency are embedded across functions.
Act as a senior advisor to ELT.
Interface directly with security and risk leaders at major financial institutions and fintech clients.
Support sales and customer conversations requiring deep technical credibility.
Represent Akoya in industry forums and working groups (e.g., FDX-aligned initiatives).

Requirements

12+ years in enterprise risk, cybersecurity, or information security.
5+ years leading risk/security teams in fintech, SaaS, or regulated environments.
Experience building or scaling security programs in startup or high-growth organizations.
Deep cloud security expertise (AWS required; multi-cloud a plus).
Strong hands-on knowledge of:
Zero-trust architecture
Secure SDLC
Threat modeling
Vulnerability management
Incident response
Demonstrated ownership of SOC 2 and regulatory audits.
Experience working with both:
Regulated financial institutions (bank-side risk expectations)
Fintechs or API-based SaaS platforms (data recipient expectations)

Benefits

Health insurance
401(k) matching
Flexible work arrangements
Paid time off
Professional development opportunities

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

enterprise risk managementkey risk indicatorsthird-party risk managementproduct risk assessmentscybersecurity programvulnerability managementpenetration testingincident responsezero-trust architecturesecure SDLC

Soft Skills

leadershipmentoringcommunicationcollaborationaccountabilitytransparencyadvisoryorganizational skillscontinuous improvementteam building