VP of Cybersecurity & Information Security

This senior leadership position combines strategic vision with hands-on oversight, delivering a metric-driven program that elevates the organization’s security posture and resilience in a fast-paced financial services environment.

Responsibilities

• Provide strategic direction and day-to-day leadership for Cybersecurity and Information Security, including Security Engineering & Operations and IT Risk & Compliance.
• Advise senior leadership on strategic and operational security matters, influencing decisions and driving proactive initiatives to strengthen risk management, regulatory compliance, and business resilience.
• Develop and execute security strategies aligned with business goals and the evolving threat landscape.
• Build and operate a metrics-driven security organization with KPIs spanning risk reduction, control effectiveness, incident response, identity security, cloud security, and compliance posture.
• Oversee security engineering teams responsible for platforms, tooling, architecture, and integrations across endpoint, network, cloud, identity, and platform environments.
• Manage security operations, including threat monitoring, event detection, incident response, investigations, and continuous improvement of detection capabilities.
• Oversee identity security programs covering IAM, privileged access management, identity governance, Zero Trust initiatives, and privileged access controls.
• Direct cloud and platform security efforts, including cloud security architecture, DevSecOps enablement, infrastructure-as-code security, container/runtime security, and cloud governance partnership.
• Partner with enterprise engineering, development, platform, and technology teams to integrate security into the software development lifecycle and promote secure-by-design delivery.
• Stay current on threat trends and security technologies, adapting the program to address emerging risks.
• Advise technology, development, engineering, and business partners on security best practices, architectural patterns, and risk-based decision-making.
• Establish a risk-based cybersecurity program aligned to business priorities and regulatory expectations.
• Oversee IT Risk functions, including audits, penetration testing, third-party assessments, control validation, and remediation tracking.
• Manage the end-to-end audit lifecycle, from planning to remediation reporting.
• Ensure PCI DSS and ISO 27001 compliance with ownership of audits, control validation, and remediation efforts.
• Oversee annual reporting, regulatory submissions, partner security attestations, and related cybersecurity documentation.
• Drive timely remediation of vulnerabilities, audit findings, control gaps, identity risks, and cloud security risks across the enterprise.
• Establish and maintain security policies, standards, control frameworks, and governance practices that support business and regulatory objectives.
• Implement continuous monitoring, detection, response, and reporting to proactively address risks.
• Lead optimization of security technologies, tooling, and platforms, with a focus on automation and cost efficiency.
• Leverage automation and AI to enhance threat detection, accelerate response, and scale security capabilities.
• Manage security vendor relationships, contracts, performance, and cost optimization across tools and third-party providers.
• Provide executive-level reporting on security posture, incidents, identity and cloud security, controls, remediation progress, and compliance status.
• Develop and manage the Cybersecurity and Information Security budget, balancing tools, services, staffing, and vendor spend.
• Foster business-focused partnerships across functions to enable secure outcomes and protect business priorities.
• Mentor stakeholders and support professional development within the security organization.
• Perform managerial duties including performance appraisals, goal setting, promotions, and staffing within policy and budget constraints.
• Perform additional duties as needed to support evolving business needs.

Requirements

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field; equivalent experience may be considered.
• Twelve (12) years of IT experience with substantial leadership in cybersecurity or information security functions.
• Three (3) years of managerial experience directing Security Operations, Security Engineering, IT Risk, Compliance, Identity Security, Cloud Security, or DevSecOps.
• CISSP, CISM, or equivalent information security certification.
• Extensive experience managing security technologies including SIEM, EDR, IAM, PAM, vulnerability management, cloud security tools, and network security tools.
• Proven expertise with identity security capabilities, including IAM, PAM, identity governance, Zero Trust, and privileged access controls.
• Experience with cloud and platform security, DevSecOps enablement, IaC security, container/runtime security, and cloud governance.
• Ability to partner with engineering and development teams to integrate security into the SDLC and secure-by-design delivery.
• Experience managing audits, penetration testing programs, and enterprise remediation efforts.
• Experience building incident response and investigation capabilities.
• Track record of aligning cybersecurity programs with business priorities, risk appetite, and regulatory requirements, delivering measurable outcomes.
• Strong familiarity with PCI DSS and ISO 27001 compliance.
• Financial discipline in budgeting, vendor costs, and resource utilization.
• History of building metric-driven programs with measurable risk posture improvements.
• Leadership in talent development and performance management.
• Ability to lead through change and drive cross-department collaboration.
• Experience managing vendors, contracts, and third parties across security and IT risk functions.
• Strong multitasking ability in a dynamic environment with complex projects.
• Decisive and persuasive decision-making with strategic influence.
• Ability to build relationships, mentor, and partner across the organization.
• Excellent communication skills and the ability to explain complex concepts to diverse audiences.
• Proficiency with Microsoft Office.
• Analytical problem-solving skills to assess risk, threat trends, identity risk, cloud posture, controls, and compliance impacts.
• Reliable, flexible, and adaptable to changing priorities and timelines.
• Strong interpersonal skills for professional interaction with regulators, vendors, customers, and staff.

Technologies

• SIEM, EDR, IAM, PAM, vulnerability management, cloud security tools, DevSecOps, infrastructure-as-code security, container/runtime security, Zero Trust, AWS, Azure, GCP

Benefits

All full-time employees are provided with a generous benefits package in addition to monetary compensation.

Hours of Work

Work hours will depend on the business hours of the time zone serviced. To the extent permitted by law, the Company may, in its sole discretion, change the work schedule to address business needs.

Physical Demands

The role requires extended periods of sitting, occasional lifting up to 20 pounds, and standard visual and auditory requirements; some movement may be needed.

EEO

Mariner Finance is an Equal Opportunity Employer and prohibits discrimination on the basis of race, color, religion, creed, sex, gender, gender identity or expression, marital status, age, national origin, sexual orientation, familial or caregiver status, citizenship status, or veteran or disability status. The employee must be able to perform the essential functions of the role.