Chief Information Security Officer

Full Time
San Francisco, CA
Areas of Interest: Security Program Management/Chief Information Security Officer
report a problem

The Information Security Officer is responsible for the continuous development and delivery of a comprehensive information security and privacy program for Social Finance, Inc and its affiliates. The Information Security Officer coordinates all activities related to the availability, integrity and confidentiality of customer, employee, and business information in compliance with the organization’s policies and procedures as well as industry regulations and laws.

The successful CISO is a visionary leader possessing strong skills in technology and business management. The role is responsible for identifying, evaluating, reporting, and managing information security risks in ways that meet compliance, regulatory requirements and affirm business trust. This requires proactive collaboration with business unit and engineering partners to ensure alignment and application of practices that both support corporate business goals and meet defined policies and standards for information security.

The CISO should be well versed in all areas of information security and have both financial services and technology knowledge on how cyber security programs are evolving in our industry.

By joining SoFi, you're joining a new kind of finance company based around speed, transparency, and alignment with our members’ interests. Our goal is to be the center of our members’ financial lives. We created student loan refinancing, addressing the biggest financial challenge this new generation has through a new approach to lending. We expanded into other types of loans, and then into insurance and wealth management with similarly inventive products. As the company has grown, we’ve been able to help more people with these tools.

SoFi has achieved significant growth, with big plans ahead. We're preparing to go global, with expansion to Australia and Canada planned this year. And we're well capitalized to power all this growth, having raised $1.9 billion in equity backing. But we'll only be able to continue this growth with great talent, and that includes you.


  • Coordinate the planning and development of SoFi’s information security and privacy capabilities.
  • Collaborate with IT, Engineering, Product Management and Marketing to implement and communicate on proper security controls for the SoFi products and IT infrastructure.
  • Establish appropriate policies, standards and controls to protect business assets based on the threat landscape and risks inherent to the SoFi business.
  • Work with the business to educate, advise, and influence activities with security and privacy risk implications
  • Maintain governance and proper protection for data assets stored on internal systems and the public cloud.
  • Maintain compliance with regulatory and legal requirements applicable to the SoFi business. Stay current with applicable Compliance, Legal, & Regulatory changes impacting the SoFi business.
  • Define, implement and execute the Security Incident Response process as overall leader during incident response. This includes coordination with law enforcement, relevant professional services firms, internal/external communications, incident investigation and implementation of corrective actions.
  • Represent SoFi’s information security at external events, with the press, regulators and business partners, including financial institutions and customers.
  • Manage and report on the Information Security and Privacy programs’ performance.
  • Hire, manage and mentor a team of individuals qualified to support the enterprise security needs.
  • Assumes a primary role in business continuity planning and testing.
  • As the senior information security officer, provide cybersecurity updates and communications to executives and the board of directors.
  • In partnership with the General Counsel's Office assure regulatory compliance with regional, national and state data privacy regulations.
  • Participate in enterprise risk management process advising senior management of technology risk. Develop and drive risk mitigation and remediation plans
  • Build the enterprise security framework: build the foundation and help define capabilities and processes to address SoFi’s security needs for the next 3 years. 

Minimum qualifications

  • BS degree in Computer Science or related technical field or equivalent practical experience
  • 15 years of practical experience in information security management and technical compliance
  • Strong knowledge of the financial services regulatory landscape impacting cyber security, secure product design, web and mobile security threats and mitigations
  • Excellent communication, management and leadership skills.
  • 5 years of experience with knowledge and experience with Software/Infrastructure/Platform-as-a-Service (SIPaaS) solutions and architectures.


  • Catered lunches, a fully stocked kitchen, and subsidized gym membership.
  • Competitive salary packages and bonuses.
  • A flexible vacation policy allows you to truly relax and reboot.
  • Comprehensive health, vision, dental, and life insurance as well as disability benefits.
  • 100% of health, vision, and dental premiums paid by SoFI for employees and their dependents.
  • 401(k) and education on retirement planning.
  • Tuition reimbursement on approved programs, up to $5,250 a year.
  • Monthly contribution to help you pay off your student loans.

Share this job:


SoFi is a new kind of finance company. From unprecedented products and tools to faster service and open conversations, we’re all about helping our members get ahead and find success. Whether they’re looking to buy a home, pay off their student loans, ascend in their careers, or invest in the future, the SoFi community works to empower our members to accomplish the goals they set and achieve financial greatness as a result.

Visit SoFi 's Social Media pages:
Company Industry: Financial Services
Company Type: Privately Held
Company Size: 501-1000