VP of Cybersecurity & Information Security
Cloud Platforms
Cloud Security Posture Management
Cybersecurity Tools
Data Security
DevSecOps
Endpoint Security
Enterprise Resiliency
Enterprise Risk
Executive Communications
Executive Leadership
Identity and Access Management
Incident Response
Information Security
Information Technology (IT)
Infosec
IT Audit
Management
NIST Cybersecurity Framework
Risk Governance
Risk Management
Security
Security Automation
Security Compliance
Solution Architecture
Strategic Advisory
Strategic Planning
Vendor Risk
Vulnerability Management
Job Description
Executive leader responsible for directing Cybersecurity and Information Security programs, with enterprise-wide risk management and cross-functional governance.
Responsibilities
- Direct the organization’s Cybersecurity and Information Security domains, including Security Engineering & Operations and IT Risk & Compliance, aligning risk appetite, regulatory needs, and business priorities with the evolving threat landscape.
- Build and operate a metrics-driven security program focused on risk reduction, control effectiveness, incident response, identity security, cloud and platform security, regulatory compliance, automation, and continuous improvement; oversee security tech, threat monitoring, IAM controls, cloud architecture, audits, remediation, vendor performance, and executive reporting while collaborating with IT, engineering, development, platform, and business teams.
- Lead and manage Cybersecurity and Information Security functions, encompassing Security Engineering & Operations and IT Risk & Compliance.
- Advise senior leadership on strategic and operational security matters, influencing decisions and driving proactive initiatives to strengthen security posture, risk management, regulatory compliance, and business resilience.
- Develop and execute Cybersecurity and Information Security strategies aligned with business goals, risk appetite, regulatory requirements, and the threat landscape.
- Operate a metric-driven organization with KPIs that measure risk reduction, control effectiveness, incident response, identity security, cloud security, and compliance posture.
- Oversee security engineering teams responsible for platforms, tooling, architecture, and integrations across endpoints, networks, cloud, identity, and platform environments.
- Manage security operations including threat monitoring, event detection, incident response, investigations, and ongoing improvement of detection and response capabilities.
- Oversee identity security capabilities such as identity and access management, privileged access management, identity governance, Zero Trust initiatives, and privileged access controls.
- Lead cloud and platform security efforts including cloud security architecture, DevSecOps enablement, infrastructure-as-code security, container/runtime security, and cloud governance partnerships.
- Collaborate with enterprise engineering, development, platform, and technology teams to embed security into the software development lifecycle and support secure-by-design delivery.
- Stay current with threat trends and security technology advances, adjusting the organization’s security posture as needed.
- Provide guidance on security best practices, architectural patterns, and risk-based decision making to technology, development, engineering, and business partners.
- Establish a risk-based cybersecurity program aligned to business priorities, regulatory expectations, and evolving risk.
- Oversee IT Risk activities, including security audits, penetration testing, third-party assessments, control validation, and remediation tracking.
- Manage the end-to-end audit lifecycle, including planning, scheduling, execution, findings management, remediation tracking, and reporting.
- Ensure compliance with PCI DSS and ISO 27001, owning audits, control validation, and remediation efforts.
- Oversee annual reporting, regulatory submissions, partner security attestations, and related cybersecurity and information security documentation.
- Drive timely remediation of vulnerabilities, audit findings, control gaps, identity risks, cloud security risks, and security issues across the enterprise.
- Establish and maintain security policies, standards, control frameworks, and governance practices that support business, regulatory, technology, and risk management objectives.
- Implement continuous monitoring, detection, response, and reporting to proactively identify and address security risks.
- Lead ongoing optimization of security technologies, tooling, platforms, and resource utilization to boost effectiveness and reduce cost.
- Promote automation and technology-first solutions to reduce manual work and scale the Cybersecurity and Information Security programs.
- Leverage automation and AI to enhance threat detection, accelerate response, improve risk analysis, strengthen security operations, and scale capabilities.
- Manage security vendor relationships, contracts, service performance, and cost optimization across tools, services, and third-party providers.
- Provide executive-level reporting on security posture, risks, incidents, identity security, cloud security, control effectiveness, remediation progress, and compliance status.
- Develop and manage the Cybersecurity and Information Security budget, including tools, services, staffing, and vendor spend, balancing cost efficiency with program effectiveness.
- Foster business-oriented partnerships across functions to enable and protect key business outcomes and priorities.
- Share knowledge, mentor stakeholders, and educate teams on Cybersecurity and Information Security initiatives, opportunities, risks, and challenges.
- Support professional growth by providing feedback, coaching, and performance development for team members; handle performance appraisals, promotions, and staffing decisions in line with policy.
- Perform additional duties as assigned to meet evolving business needs.
Requirements
- Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related field; equivalent experience may substitute for education.
- About 12 years of IT experience with substantial leadership in cybersecurity, information security, or related security functions.
- At least 3 years of managerial experience overseeing Security Operations, Security Engineering, IT Risk, Compliance, Identity Security, Cloud Security, DevSecOps, or related areas with decision-making authority.
- CISSP, CISM, or equivalent information security certification.
- Extensive experience managing security technologies, including SIEM, EDR, IAM, PAM, vulnerability management, cloud security, and network security tools.
- Proven work with identity security capabilities such as IAM, PAM, identity governance, Zero Trust, and privileged access controls.
- Experience with cloud and platform security including cloud security architecture, DevSecOps enablement, IaC security, container/runtime security, and cloud governance partnerships.
- Ability to partner with enterprise engineering, development, platform, and technology teams to integrate security into the software development lifecycle and promote secure-by-design delivery.
- Track record of managing audits, penetration testing programs, and enterprise remediation efforts.
- Experience building and operating incident response and investigation capabilities.
- Proven ability to align security programs with business priorities, risk appetite, regulatory requirements, and measurable outcomes.
- Strong experience with PCI DSS and ISO 27001 compliance.
- Demonstrated financial discipline in budgeting, vendor costs, resource utilization, and cost optimization.
- History of building metric-driven security programs with demonstrable improvements in risk posture and operations.
- Commitment to team development, engagement, and ongoing professional growth.
- Proven leadership through change and cross-department initiatives; effective at coordinating multi-team efforts.
- Strong vendor, contract, third-party, service performance, and cost management across security and IT risk functions.
- Ability to manage complex projects in a dynamic, fast-paced environment; strong decision making and negotiation skills.
- Strong ability to influence across the organization, coach, and partner with stakeholders at all levels.
- Ability to communicate complex information clearly to diverse audiences; comfortable presenting to senior leadership.
- Proficiency with Microsoft Office Suite; strong analytical and problem-solving skills to evaluate risk, threats, identity risk, cloud posture, control performance, and compliance.
- Reliable, flexible, and adaptable to shifting priorities and deadlines.
- Excellent interpersonal skills for professional communication with regulators, vendors, customers, and staff.
Technologies
- SIEM, EDR, IAM, PAM, vulnerability management tools
- AWS, Azure, GCP
- Microsoft Office Suite
- GRC platforms
Benefits
- Generous benefits package for full-time employees
- Benefits information available at https://www.marinerfinance.com/careers/benefits/
Hours of Work
- Work hours depend on the business hours of the service region
- Company may adjust the schedule as needed to address business requirements
Physical Demands
- Frequent sitting for extended periods; occasional reaching with hands and arms; speaking and listening requirements
- Occasional movement around the workplace; ability to lift up to 20 pounds occasionally
- Near and distance vision and the ability to adjust focus
EEO
Mariner Finance is an Equal Opportunity Employer and does not discriminate based on race, color, religion, creed, sex, gender, gender identity or expression, marital status, age, national origin, sexual orientation, caregiver status, citizenship, disability, or veteran status. The employee must be able to perform the essential duties of the role.