Chief Information Security Officer (CISO)

Company Description

Achieve is a leading digital personal finance company. We help everyday people move from struggling to thriving by providing innovative, personalized financial solutions. By leveraging proprietary data and analytics, our solutions are tailored for each step of our member's financial journey to include personal loans, home equity loans, debt consolidation, financial tools and education. Every day, we get to help our members move their finances forward with care, compassion, and empathetic touch. We put people first and treat them like humans, not account numbers.

Since 2002, Achieve has grown into one of the largest private consumer fintech unicorns in the U.S., with over $40B in enrollments for our industry-leading, tech-enabled debt resolution services business, and over $11Bn in personal and home loans originations via our banking-as-a-service partner.

Job Description

The Chief Information Security Officer (CISO) is responsible for establishing and executing the enterprise cybersecurity strategy for a high-growth, private fintech company operating in a highly regulated, cloud-first environment. As a forward-thinking technology and business leader, you recognize cybersecurity and artificial intelligence as strategic business enablers. You will partner across technology, product, legal, compliance, and operations to protect customer trust, enable secure innovation, and support the business future direction. Operating effectively at both the Senior Leadership Team/Board and operational levels, you will scale a mature, risk-based security program to align with regulatory expectations, investor scrutiny, and rapid fintech growth.

Key Responsibilities

Executive Leadership & Strategy

• Define and execute a multi-year, enterprise-wide cybersecurity strategy aligned with business objectives and future growth.
• Serve as a trusted primary security advisor to executive leadership, the Board of Directors, regulators, and external partners.
• Translate cyber risk into business impact and build a modern, metrics-driven, risk-based security organization focused on enablement, automation, and measurable risk reduction.
• Know when a regulated corporate governance function becomes the mainstay of the organization.

Governance, Risk & Compliance (GRC) & Public Company Readiness

• Knowledge and Oversight of SEC expectations and Sarbanes-Oxley Act (SOX) ITGCs processes.
• Direct enterprise security governance aligned to critical fintech regulatory obligations, including PCI DSS 4.0, SOC 1/SOC 2, GLBA, FFIEC guidance, and state privacy regulations.
• Develop and maintain board-level reporting and risk disclosures, while partnering with Legal, Finance, and Audit on cyber risk governance.
• Oversee enterprise risk management, third-party vendor security, and continuous audit readiness across frameworks such as NIST and ISO 27001.

Security Operations, Cloud & Product Security

• Oversee the Security Operations Center (SOC), incident response, threat detection, digital forensics, and vulnerability management.
• Drive robust cloud security posture and strategy across AWS, Azure, and/or GCP environments.
• Partner with Engineering and Product to embed secure-by-design and DevSecOps principles across the software development lifecycle (SDLC).
• Lead enterprise identity and access management (IAM) strategy, Zero Trust architecture, and data protection programs to safeguard customer financial data.
• Be the Trust Center customers need to know their data is secure.

AI Security, Governance & Innovation Strategy

• Serve as the executive sponsor for the secure, responsible, and business-aligned adoption of AI and machine learning technologies.
• Establish enterprise, controls, and guardrails to assess and manage AI risks, including data leakage, prompt injection, intellectual property protection, and model bias.
• Partner with engineering to enable secure AI innovation that enhances operational efficiency, fraud detection, and customer experience.
• Drive modernization leveraging AI-driven security operations, automation, and predictive threat detection.
• Guide the organization on its journey of AI advancements with a security mindset.

Team Leadership, Culture & Customer Engagement

• Build, mentor, and retain high-performing cybersecurity teams, fostering a culture of accountability and continuous improvement.
• Drive a shift from reactive compliance mindset to a proactive risk-management framework that enables business velocity and product innovation.
• Champion a security-first culture across engineering and business teams, balancing security rigor with business velocity.
• Act as the executive security lead during customer due diligence, strategic partnerships, and regulator interactions.

Qualifications

Required Experience & Competencies

• 12+ years of progressive cybersecurity leadership experience, including CISO or equivalent senior leadership responsibilities.
• Proven track record in fintech, financial services, and/or highly regulated environments.
• Technical expertise in cloud security architecture, DevSecOps, IAM, and modern attack vectors.
• Extensive experience with compliance and risk management frameworks (PCI DSS 4.0, SOC 2, NIST CSF, ISO 27001, GLBA).
• Demonstrated experience securing AI/ML systems or emerging technologies, including understanding AI-driven cyber risks.
• Experience building a defensible security posture that withstands external institutional audits and future investment events.
• Strong executive presence and communication skills, with extensive experience presenting to Boards of Directors and executive teams.
• Strategic thinker with strong operational execution capabilities and the ability to manage cyber crisis events and incident response.

Preferred Qualifications

• Proven experience with regulated corporate governance functions.
• Familiarity with M&A security integration and scaling.
• Experience governing enterprise AI programs and familiarity with frameworks like the NIST AI Risk Management Framework (AI RMF) and ISO/IEC 42001 7.
• Certifications such as CISSP, CISM, or CRISC.

Additional Information

All your information will be kept confidential according to EEO guidelines.

Achieve well-being with:

• 401 (k) with employer match
• Medical, dental, and vision with HSA and FSA options
• Competitive vacation and sick time off, as well as dedicated volunteer days
• Access to wellness support through Employee Assistance Program, physical and mental health wellness programs
• Pet care discounts for your furry family members
• Financial support in times of hardship with our Achieve Care Fund
• A safe place to connect and a commitment to diversity and inclusion through our six employee resource groups

We are proudly offering hybrid options in the Phoenix, AZ and San Francisco, CA metro markets.


Salary Range: $275,000 - $305,000 + bonus + equity + benefits.


This information represents the expected salary range for this role. Should we decide to make an offer for employment, we'll consider your location, experience, and other job-related factors.

Join Achieve, change the future.

At Achieve, we're changing millions of lives.
From the single parent trying to catch up on bills to the entrepreneur needing a loan for the next phase of growth, you'll get to be a part of their journey to a better financial future. We're proud to have over 3,000 employees in mostly hybrid and 100% remote roles across the United States with hubs in Arizona, California, and Texas. We are strategically growing our teams with more remote, work-from-home opportunities every day to better serve our members. A career at Achieve is more than a job-it's a place where you can make a true impact, have a sense of belonging, establish a fulfilling career, and put your well-being first.

Attention Agencies & Search Firms: We do not accept unsolicited candidate resumes or profiles. Please do not reach out to anyone within Achieve to market your services or candidates. All inquiries should be directed to Talent Acquisition only. We reserve the right to hire any candidates sent unsolicited and will not pay any fees without a contract signed by Achieve's Talent Acquisition leader.

#LI-KV1

Videos To Watch