Vice President – Information Security

brightfin

VP of Information Security owning security governance, compliance, and product security at brightfin. Building and scaling a security program for a B2B SaaS platform.

Posted 6/25/2026 • full-time • Remote • 🇺🇸 United States • Lead

Tech Stack

Tools & technologies
AWS, Azure, Cloud, Google Cloud Platform, SDLC

About the role

Key responsibilities & impact
  • Own our security program end to end: governance, compliance, customer trust, and product security.
  • Design and run brightfin's Information Security Management System (ISMS), aligned to NIST CSF and ISO 27001 principles
  • Own SOC 2 Type II compliance — including annual audits, evidence collection, and continuous monitoring
  • Maintain and mature security policies, standards, and procedures across the organization
  • Lead the company's incident response program: planning, tabletop exercises, and live incident management
  • Own the security review process for enterprise deals — respond to RFPs, security questionnaires, and customer audits
  • Develop and maintain a security trust portal and standard documentation package
  • Build and maintain a risk register; report on risk posture to the executive team and board quarterly
  • Manage third-party and vendor security risk, including contract review and ongoing monitoring
  • Ensure compliance with applicable data privacy regulations (GDPR, CCPA, HIPAA where applicable)
  • Partner with the engineering team on secure SDLC practices — code scanning, dependency management, penetration testing
  • Drive cloud security posture management for our AWS/Azure/GCP environments
  • Own the vulnerability management program: triage, prioritization, and remediation tracking
  • Hire and manage a small initial security team (target: 2–3 hires in year one)
  • Run security awareness training and phishing simulation programs company-wide
  • Build a security-conscious culture without creating friction for a fast-moving engineering team

Requirements

What you’ll need
  • 6+ years in information security, with at least 3 in a leadership role
  • Demonstrated experience building or scaling a security program at a B2B SaaS company
  • Deep SOC 2 ownership experience — you've led Type II audits, not just participated in them
  • Strong working knowledge of NIST CSF, ISO 27001, and cloud security (AWS preferred)
  • Experience running the security side of enterprise sales cycles — responding to security questionnaires, hosting customer calls
  • One or more certifications: CISSP, CISM, CISA, CRISC, or equivalent

Benefits

Comp & perks
  • brightfin offers a comprehensive health, dental and vision benefits package.
  • Paid time off.
  • We strongly believe in work-life balance and taking time for yourself.
  • 401K with employer match

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
information security, security program management, SOC 2 Type II compliance, incident response, risk management, secure SDLC practices, vulnerability management, cloud security, data privacy compliance, audit management
Soft Skills
leadership, communication, organizational skills, team management, training and development, collaboration, problem-solving, strategic planning, customer trust building, culture building
Certifications
CISSP, CISM, CISA, CRISC