Position Overview:

At SmartBiz, security is a critical pillar of who we are and how we operate. As our Chief Information Security Officer you will lead our information security strategy and initiatives. This will require assessing, recommending, designing, and improving our security solutions and processes. You will help drive the focus on the issues that matter and can see through the noise of all of the potential areas to focus. You’ll continue to build out a maturity model for security improvements partnering across the company to drive security best practices into the core operating model of the company.

While security is critical to our success, we also expect our CISO to take a pragmatic approach, balancing robust protection with the right level of process for the size, complexity, and growth stage of SmartBiz..

You can span the spectrum of presenting security topics to the team members and in the next moment level it up to present to the board on the status of our security program and roadmap. You understand the complexities of operating in a regulated industry and the requirements of governance and risk management associated with operating in such an environment.

You know what good looks like for a security organization. You bring that vision to SmartBiz for our security program with a passion to roll up your sleeves to get things done while also partnering closely with the rest of the technical leadership to establish a roadmap aimed at leveling up the organization by establishing security as a core tenet from IT Systems and Tools to Engineering secure SDLC.

You must be highly technical and adaptable to the rapid pace of development and delivery in a small but evolving company. The most successful leaders here are comfortable working with minimal supervision, are innovative, thoughtful, and can prioritize and effectively communicate complex issues.

How You Will Make An Impact:

• Be a critical member of the Product Development and Technology leadership team driving overall strategy and implementation of security processes, procedures, and governance through a combination of preventive and detective controls and policies in a cloud environment
• Present on the status and roadmap for infosec to Leadership and the Board primarily via the Management Risk and Compliance Committee and the Board Audit and Risk Committee
• Function in a DevSecOps capacity working closely with engineering and infrastructure teams to support and implement security at every level of the stack
• Work with operations teams to implement intrusion detection and prevention processes, techniques, and solutions
• Implement security architecture, methods, and controls required to meet security, compliance, and audit requirements
• Respond to, and when appropriate, resolve or escalate security incidents
• Develop and maintain documentation for security systems and procedures
• Lead the security training for the company ensuring the organization is prepared to deal with the potential threats the company may face

Who You Are:

• Experience with setting long term strategy for information security programs and successfully implementing those programs in a highly regulated industry
• Able to codify the information security program into policies that establish a clear framework to drive the company’s security related behaviors
• Deep knowledge of auditing and securing IT and Engineering Systems
• You are a player coach at heart, able to lead teams, but valuing being hands on - in the near term this role will not directly manage security engineers, but could in the future
• Strong technical background and a track record for being able to learn new technologies and domains in the ever evolving landscape of technology and its related security considerations
• Able to partner with all functions of the company, but especially adept at collaborating with Product, Engineering, and DevOps teams to utilize shared capacity for maximum impact
• Experience managing and supporting critical Developer infrastructure and secure SDLC
• Understanding of Application Security principles, SAST, DAST, and web application vulnerabilities such as OWASP Top 10, their risk, and remediations
  

Opportunities & Benefits at SmartBiz Bank

Join a mission-driven team that’s reimagining small business banking. At SmartBiz Bank, we’re building the future of financial access — empowering entrepreneurs to thrive while creating meaningful careers for our people.

What We Offer:

• Shape the future of small business banking — help drive innovation and financial inclusion for business owners nationwide.
• Competitive compensation — including salary, performance-based incentives (for certain roles), and equity participation in a fast-growing financial institution.
• Comprehensive benefits — 100% employer-paid medical, dental, and vision insurance for employees, spouses, and dependents. 100% employer-paid life and disability insurance, and an employee funded 401(k) retirement plan.
• Time to recharge — a flexible vacation policy designed to promote rest, balance, and well-being.
• Inclusive, people-first culture — guided by our values of empathy, excellence, and bold innovation, with equal opportunities for all.

-- SmartBiz Bank is an Equal Opportunity employer and proud to provide equal employment opportunity to all job seekers without regard to any status protected by applicable law. California residents can learn more about how we use your information by visiting https://sites.google.com/view/smartbizloans-employment-ccpa