Deputy Chief Information Security Officer - Bank
WFA Digital Insight
The demand for seasoned Information Security professionals has surged in recent years, with a 25% increase in job openings in the fintech sector alone. As a Deputy Chief Information Security Officer, you'll be at the forefront of ensuring the security and compliance of Mercury's banking operations. With the rise of remote work, companies are looking for experts who can navigate complex regulatory landscapes and ensure the integrity of their systems. Mercury stands out for its innovative approach to fintech and its commitment to building a robust security framework. Before applying, candidates should be aware of the high level of expertise required for this role, including deep knowledge of FFIEC and OCC regulations, as well as experience in a regulated banking environment.
Job Description
About the Role
The Deputy Chief Information Security Officer will play a critical role in overseeing the bank-entity scope of Mercury's 2LOD Information Security program. This is a build-and-defend role, requiring a high level of operational discipline and the ability to work closely with various stakeholders, including OCC examiners, the Chief Risk Officer, and the board's risk committee. The successful candidate will have a deep understanding of FFIEC and OCC regulations, as well as experience in a regulated banking environment.
As a key member of the security team, you will be responsible for ensuring the coherence and effectiveness of Mercury's Information Security program. This will involve working closely with various teams to identify and remediate control deficiencies, develop and maintain policies and procedures, and ensure the continuity and resilience of the bank's operations.
The role is based in San Francisco, CA, New York, NY, Portland, OR, or Remote within the United States, and offers a unique opportunity to work with an innovative fintech company that is shaping the future of banking.
What You Will Do
- Own the bank-entity 2LOD InfoSec program, including governance, policy, risk, and oversight
- Develop and maintain a coherent policy architecture that meets regulatory requirements
- Lead remediation of identified FFIEC IT control deficiencies to charter readiness ahead of the OCC pre-opening examination
- Partner with the Chief Risk Officer on bank continuity, resilience, and recovery, including tabletop exercises and full-scale drills
- Manage relationships with internal audit (3LOD) and external assessors (SOC 2, FFIEC CAT, regulator-led IT examinations)
- Ensure TPRM evidence holds up to bank-grade scrutiny for critical service providers and material outsourcing arrangements
- Coach and grow the GRC sub-team; run a recurring training cadence; build the bench depth a national bank requires
- Develop and maintain a tested incident response program with documented exercise history
- Coordinate with various teams to ensure the continuity and resilience of the bank's operations
What We Are Looking For
- 8+ years of experience in Information Security, with 3+ years inside a regulated bank, trust bank, or de novo bank charter effort
- Deep FFIEC and OCC fluency, including experience with the FFIEC CAT, the FFIEC IT Examination Handbook, BSA/AML IT supervisory expectations, and the OCC Heightened Standards
- Direct examiner-facing experience, including defending controls to an OCC, FDIC, or Federal Reserve examiner
- Policy and standards craft, including the ability to draft board-ratifiable policies and supporting standards stacks
- Operating discipline, including the ability to run cadences, write status reports that survive executive review, and maintain currency of controls, evidence, and risk registers
- 2LOD instinct, including experience serving in an oversight role
- Strong technical baseline, including the ability to challenge an architecture review and read an incident timeline credibly
Nice to Have
- Prior experience as a Deputy CISO or equivalent senior 2LOD role at a national bank, trust bank, or large credit union
- Charter or de novo bank experience, including experience standing up a new bank or trust bank
- Strong technical skills, including experience with cloud security, network security, and incident response
- CISSP, CISM, or CRISC certification
Benefits and Perks
- Competitive salary and benefits package
- Opportunity to work with an innovative fintech company that is shaping the future of banking
- Collaborative and dynamic work environment
- Professional development opportunities, including training and conference sponsorships
- Flexible working hours and remote work options
- Access to cutting-edge technology and tools
- Recognition and reward programs for outstanding performance
How to Stand Out
- Develop a deep understanding of FFIEC and OCC regulations, including the FFIEC CAT and the FFIEC IT Examination Handbook
- Highlight your experience in a regulated banking environment, including any experience with examiner-facing roles
- Emphasize your ability to develop and maintain coherent policy architectures and supporting standards stacks
- Showcase your technical skills, including experience with cloud security, network security, and incident response
- Be prepared to provide specific examples of your experience and accomplishments in the field of Information Security
- Research Mercury's company culture and values to understand their approach to innovation and security
- Prepare to discuss your approach to risk management and compliance in a fintech environment
This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.