Previous Job
Head of Security
Ref No.: 21-00098
Location: New York, New York
Position Type:Direct Placement

Ninth Wave is seeking to hire a Head of Information Security that will lead and operate a world class information security program. This role will be empowered to implement information security compliance processes and procedures while also being the subject matter expert in all-things information security. The Head of Information Security will establish, lead, and maintain the Information Security Management program comprised of policies, procedures, and systems to manage risks to Ninth Wave and its customers. This security leader will help maintain Ninth Wave's SOC 2 Type 2 and PCI-DSS compliance while expanding the use of standards like the NIST, CIS, and ISO27001.



  • Maintain policies, processes, and procedures to protect the confidentiality, integrity, and availability of Ninth Wave's data and services.
  • Mature the information security program to continually Client, reassess, and mitigate security risks as the business, product, and customer landscape changes.
  • Ownership over cloud infrastructure security, security operations, application security, and GRC.
  • Maintain compliance with industry control standards including SOC Type 2 and PCI-DSS.
  • Manage security across all aspects of our cloud infrastructure (Amazon AWS, Microsoft Azure services)
  • Serve as a technical mentor for security engineering.
  • Manage program to complete technology diligence processes with our customer and partners as we scale.
  • Partner with the product management, software development, infrastructure, and operations to ensure that Ninth Wave achieves confidentiality, integrity, and availability outcomes for its products and services.



  • 10 years of experience managing or leading information security functions.
  • Experience managing information security control standards, including SOC2, PCI-DSS, NIST CSF, and ISO 27001.
  • Experience working with products or businesses in FinTech, banking, financial services, other highly regulated sectors.
  • Strong background in API-centric SaaS enterprise financial software.
  • Consultative approach towards security with the ability to guide and educate developers on security best practices.
  • Experience in security operations, incident response and managing security incidents
  • Exceptional written and verbal communication skills.
  • Bachelor's degree in Computer Science or MIS.
  • Relevant certifications (CISSP, CISM, CCSP), advanced degree, or equivalent experience preferred.