Chief Information Security Officer

Varo is an entirely new kind of bank. All digital, mission-driven, FDIC insured and designed for the way our customers live their lives. A bank for all of us.

The Chief Information Security Officer (CISO) reports to the Chief Operational Risk Officer and works closely with the CORO, the Chief Risk Officer (CRO), Varo’s executive leadership as well as business partners to protect the confidentiality, integrity, and availability of customers’ information and financial assets. The CISO is responsible for overseeing the design, implementation, monitoring, and governance of Varo’s information security framework. With the CORO, you’ll build an accountable, information security-conscious culture, and information security program built on high-quality standards and controls, that are regularly tested and reported, and meet regulatory expectations for a bank. The CISO will be a thought leader in financial crimes prevention and management, and work in close partnership with their Fraud, Operations, and BSA/AML Risk colleagues.

• Manage the second-line information security function by performing credible challenge of first-line programs and driving oversight, governance, reporting
• In partnership with IT, develop, maintain, and publish up-to-date information security policies, procedures, standards, controls, and guidelines
• Oversee the training and dissemination of such policies, procedures, standards, controls, and guidelines
• Develop and oversee the monitoring and continuous improvement of a risk-based enterprise security program across all cyber-security risk domains including cyber risk management, threat intelligence, cybersecurity controls, external dependency management, cyber incident management, and resilience
• Partner with Fraud and Anti-Money Laundering teams to develop a holistic financial crimes program for Varo that is innovative and powerful in its ability to detect and prevent illegal activity and protect our customers
• Partner closely with the Privacy Officer to lead and influence data protection, governance, and management practices
• Conduct risk assessments (ex: GLBA) and testing to ensure that appropriate controls are in place and are effective
• Report at least annually to the Board, and quarterly to the Enterprise Risk Committee progress against remediation plans
• Inspire a cultural shift within Varo to more strongly embed pragmatic risk management into business decisions and operations
• Assist in the creation and management of information security awareness training programs for all employees and contractors, including role-based training for those with specialized security responsibilities
• Coordinate information security projects and initiatives together with resources from technology and business line teams
• Ensure that information security programs comply with relevant laws, regulations, and policies to minimize risk and audit findings
• Advise the first line during security incidents and events to help protect corporate assets, including intellectual property, data, and Varo’s reputation
• Be a key member of and assist in the management of Varo’s Crisis Management Team
• Execute table-top exercises and simulations to prepare participants for their roles in a crisis

• Progressive experience in information security with a combination of risk management, information security, and IT-related responsibilities with regulated financial institutions and/or fintech companies, or the equivalent experience in regulatory organizations or consulting services with a concentration in IS/IT disciplines within banking/fintech
• 10 years of experience in a senior leadership role with increasing levels of responsibilities
• Experience with information security frameworks. Knowledge of NIST, ISO, SOC 2, PCI, and/or Cobit. Familiarity with Cyber Security Assessment Tool (CAT), Familiarity with IS related laws, rules, regulations, and best practices
• Experience with third-party service provider due diligence, negotiations, oversight, and monitoring
• Proven track record and experience in developing information security policies and procedures as well as successfully executing programs that meet excellence objectives in a dynamic environment
• Thorough understanding of IT operations and the role and impact of information security on these operations
• One or more of the following professional certifications: CISSP, CISM, CERT, CISA, etc.

We recognize not everyone will have all of these requirements. If you meet most of the criteria above and you’re excited about the opportunity and willing to learn, we’d love to hear from you!

About Varo

Varo launched in 2017 with the vision to bring the best of fintech into the regulated banking system. We’re a new kind of bank – all-digital, mission-driven, FDIC-insured, and designed around the modern American consumer. 

As the first consumer fintech to be granted a national bank charter in 2020, we make financial inclusion and opportunity for all a reality by empowering everyone with the products, insights, and support they need to get ahead. Through our core product offerings and suite of customer-first features, we aim to address a broad range of consumer needs while profitably serving underserved communities that have been historically excluded from the traditional financial system.

We are growing quickly in our hub locations of San Francisco, Salt Lake City, and Charlotte along with colleagues located across the country. We have been recognized among Fast Company’s Most Innovative Companies, Forbes’ Fintech 50, and earned the No. 7 spot on Inc. 5000’s list of fastest-growing companies across the country.

Varo. A bank for all of us.

Our Core Values

- Customers First

- Take Ownership

- Respect

- Stay Curious

- Make it Better

Learn more about Varo by following us:

Facebook - https://www.facebook.com/varomoney

Instagram - www.instagram.com/varobank

LinkedIn - https://www.linkedin.com/company/varobank

Twitter - https://twitter.com/varobank

Engineering Blog - https://medium.com/engineering-varo

SoundCloud - https://soundcloud.com/varobank

Varo is an equal opportunity employer. Varo embraces diversity and we are committed to building teams that represent a variety of backgrounds, perspectives, and skills. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Beware of fraudulent job postings!

Varo will never ask for payment to process documents, refer you to a third party to process applications or visas, or ask you to pay costs. Never send money to anyone suggesting they can provide work with Varo.  If you suspect you have received a phony offer, please e-mail careers@varomoney.com with the pertinent information and contact information.

CCPA Notice at Collection for California Employees and Applicants:

https://varomoney.box.com/s/q7eockvma9nd2b0utwryruh4ze6gf8eg