Information Security Officer
Summary / Objective Shaw Systems is a leading national software provider serving the consumer lending and financial services industry. We are seeking a Chief Information Security Officer (CISO) to lead the protection of corporate and client information assets and drive a secure, scalable technology environment. This role owns enterprise security strategy, operations, compliance, and risk management while enabling secure adoption of AI, cloud, and automation platforms. The CISO serves as Shaw’s primary authority on information security, partnering across business, technology, and client teams to strengthen security posture and support growth. Organizational Scope Direct Reports: Service Operations Manager, Senior Security Engineers, Security/InfoSec Analysts Team Size: ~8 FTEs + contractors + SOC partner Enterprise Reach: Full client portfolio (financial services focus) Cross-Functional Influence: AI Committee; DevOps, Cloud, Implementation Responsibilities 1. Security Strategy & Program Leadership Define and mature enterprise information security strategy, policies, and standards Own and evolve Shaw’s Information Security Program and SOC 2 Type II compliance Serve as primary security representative for clients, auditors, and executives Lead risk identification, mitigation, and enterprise security roadmap Oversee access controls, third-party risk, and security readiness exercises (DR, incident tabletop) Present security posture, risks, and compliance status to leadership and external stakeholders Hold named accountability for security representations in client agreements (including MSAs and processing agreements); present security posture and risk to clients, prospects, auditors, and executive forums as required 2. Security Operations (SecOps) Oversee 24/7 SOC operations (via partner) and incident response lifecycle Manage threat detection, monitoring, vulnerability management, and remediation Lead response to authentication threats, phishing, and unauthorized access events Maintain and enhance security tooling across the stack, including Microsoft Defender, FortiClient VPN, Arctic Wolf MDR, Keeper, KnowBe4, PAM solutions, and data protection technologies (e.g., DLP) Ensure endpoint, identity, and infrastructure security across cloud and on-prem environments Drive network, cloud, and infrastructure hardening initiatives 3. AI Governance & Security Architecture Lead enterprise AI security strategy and rollout (Copilot, LLMs, AI tools) Design and enforce AI governance framework (usage policies, data protection, access controls) Architect secure AI/LLM environments (mitigating data leakage, prompt injection, etc.) Own Microsoft Purview strategy (DLP, labeling, information protection) Represent AI security posture to clients, auditors, and leadership Manage strategic vendor relationships, including Microsoft, Anthropic, Arctic Wolf, Fortinet, Keeper, and other security and AI partners, ensuring enterprise value and risk alignment 4. Service Operations Oversight Provide leadership oversight to Service Operations (infrastructure, endpoints, support) Ensure reliability, patching, identity governance, and cloud operations (M365/Azure) Drive SLA performance, operational efficiency, and automation initiatives Ensure operational rigor through established tooling and cadences, including patch management (e.g., WSUS), endpoint monitoring, and environment audits 5. Compliance, Risk & Audit Co-own SOC 2 Type II audit lifecycle and evidence management Maintain enterprise risk register and mitigation tracking Lead client/vendor security assessments and regulatory readiness Ensure alignment with frameworks (ISO 27001, NIST, FFIEC, GLBA, SOX) Ensure third-party vendor due diligence, security requirements, and contractual obligations are aligned with Shaw’s Information Security Program and documented appropriately Monitor regulatory developments (including AI and privacy laws) Own security representations in client agreements and audit responses Provide security review, guidance, and approval on security-related representations in client, regulatory, and third-party engagements, in partnership with executive leadership, Legal, and Compliance 6. Leadership & Culture Lead, mentor, and develop InfoSec and Service Ops teams Manage vendors, contractors, and partner performance Promote enterprise-wide security awareness and training programs Partner with HR on hiring, workforce planning, and organizational design 7. Strategic & Cross-Functional Collaboration Advise executive leadership on security and AI risk strategy Partner with DevOps, Cloud, and Implementation teams on secure design practices Support business development (security questionnaires, client discussions) Translate technical risk into business impact for diverse stakeholders
Requirements
Education Bachelor’s or Master’s degree in Computer Science, Engineering, or related field Experience & Expertise 10+ years in information security leadership 5+ years securing cloud environments (Azure preferred, AWS acceptable) Strong experience with SOC 2, ISO 27001, NIST, OWASP, FFIEC, GLBA, SOX Deep technical background across DevOps, infrastructure, and security tooling Expertise in network security, IAM, DLP, SIEM, and vulnerability management Experience with Microsoft security stack (Defender, Purview, Intune, Entra ID, Azure) Demonstrated experience with AI platforms and governance (e.g., Copilot, LLMs) Financial services or lending industry experience preferred Certifications CISSP (required) CCSP (required) ISSAP (preferred) Leadership Competencies Strategic security leadership and business alignment AI governance and emerging technology risk management Operational execution and compliance discipline Strong communication, stakeholder influence, and executive presence Analytical problem-solving and results orientation Vendor and partner management expertise Performance Expectations (First 12 Months) SOC 2 Type II audit completed with no material findings Enterprise AI governance framework fully implemented Microsoft Purview DLP and labeling deployed enterprise-wide Mature security operations cadence with measurable SLAs Updated BCP/DR program tested Improved phishing awareness and security training outcomes Supervisory Responsibility Leads a team of internal, contractor, and external partners supporting security operations and enterprise infrastructure. Location Hybrid: Within 75 miles of Houston, TX Remote (eligible states): TX, VA, FL, GA, ID, LA, MI, MN, NJ, NC, PA, UT Travel: 10–25% as needed
Work Environment
Full-time, Monday–Friday; standard business hours with occasional after-hours support as needed. Apply To This Job