About the roleInvestCloud is seeking an experienced Chief Product & Information Security Officer (CPISO) to lead the company's global information security strategy, governance, risk management, and incident response capabilities. Uniquely, this role carries explicit ownership of the security of InvestCloud's software products - ensuring that security is embedded by design across the full product development lifecycle, from architecture through to client delivery.
The CPISO will partner closely with executive leadership, Product, and Engineering teams, as well as cross-functional stakeholders, to protect InvestCloud's systems, data, and clients while enabling the business to scale securely.
Key responsibilities - Define and lead the enterprise information security strategy, policies, standards, and controls - spanning both corporate infrastructure and InvestCloud's software product suite
- Own product security across the full software development lifecycle (SDLC), including secure design principles, application security testing, vulnerability management, and secure-by-default standards for all client-facing products
- Partner with Product and Engineering leadership to embed security requirements into product roadmaps, architecture reviews, and release processes
- Oversee security operations, incident response, and the ongoing development of the company's incident response programme and CSIRT
- Provide regular security reporting, metrics, and risk updates to executive leadership and governance forums, including product-specific security posture
- Drive security, regulatory, and audit readiness across the organisation, including compliance with relevant financial services and data protection frameworks
- Partner with Technology, Legal, Compliance, Privacy, and Business leaders to ensure security requirements are embedded into operations and decision-making
- Lead and develop a high-performing security team - encompassing both product security and information security disciplines - and ensure the function is appropriately resourced
- Evaluate emerging threats, manage cyber risk, and strengthen security capabilities across cloud, platforms, data, product, and third-party environments
Qualifications - Significant leadership experience in information security, cybersecurity, or related disciplines, including a senior security leadership role with a clear track record of influencing executive-level decision-makers
- Demonstrated experience in product or application security, with a strong understanding of secure SDLC practices, application security (SAST/DAST/SCA), and DevSecOps
- Strong knowledge of security governance, security operations, incident response, risk management, identity and access management, and regulatory compliance
- Demonstrated ability to communicate effectively with executive stakeholders, boards, auditors, clients, and technical teams
- Experience building and leading security programmes in complex, regulated, and technology-enabled environments - ideally within financial services or enterprise software
- Strong judgment, credibility, and the ability to balance risk management with business enablement and product velocity
- Bachelor's degree required; advanced degree or relevant certifications (e.g. CISSP, CISM, CSSLP) preferred
The actual salary will vary based on applicant's education, experience, skills, and abilities, as well as internal equity and alignment with market data. The salary may also be adjusted based on the applicant's geographic location. Salary range: $350,000 - $375,000. Benefits include medical/Rx, dental, vision, disability, and life/AD&D insurance plans, Flexible Savings Account (FSA), Health Savings Account (HSA), Employee Assistance Plan (EAP), health advocacy, voluntary ancillary plans (accident, critical illness, hospital indemnity, legal, identity theft, auto/home, and pet insurance), 401(k) retirement savings plan with company match, and paid time off.
#LI-BH1