Head of Information Security

Smarkets

$130K — $200K *
Finance & Insurance
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years of experience in senior-level information security, preferably in financial services or regulated sectors.
  • Proven track record in leading cybersecurity, compliance, and resilience initiatives in high-risk environments.
  • Strong knowledge of CFTC guidelines, particularly Core Principle 20 and associated regulations.
  • Experience in security assessments, incident response, compliance audits, and disaster recovery programs.
  • Ability to manage relationships with engineering teams across different locations.
  • In-depth understanding of security frameworks and secure software development practices.
  • Excellent communication skills for executive and regulatory engagement.

Responsibilities

  • Define and implement the DCM's information security vision and strategy aligning with CFTC principles.
  • Lead risk management efforts to identify vulnerabilities and mitigate cyber threats across technology assets.
  • Establish and enforce security controls across infrastructure and software development processes.
  • Oversee the incident response framework for managing security events and recovery.
  • Direct disaster recovery programs ensuring operational continuity during disruptions.
  • Prepare documentation and logs for CFTC compliance audits.
  • Serve as the lead for cybersecurity audits and technology compliance, briefing the CEO and management regularly.

Benefits

  • 25 days of annual leave plus public holidays.
  • 401(k) with 100% match on first 6% of salary.
  • Private medical insurance reimbursement.
  • Performance bonus potential up to 25% of base salary.
  • Equity options through share scheme.
  • Annual $1,000 professional development budget.
  • Work From Anywhere policy for up to 20 days per year.

Full Job Description

CFTC-Regulated Business Unit (DCM)

Location: Chicago, IL. Fully remote to start, transitioning to 3 days/week in office.

The Role

This is a senior security leadership role sitting within our CFTC-regulated business unit, responsible for the information security, cybersecurity, and operational resilience of our Designated Contract Market (DCM). You will design and enforce the policies and controls that protect the confidentiality, integrity, and availability of our critical systems and data, in alignment with Core Principle 20 (System Safeguards) under 17 CFR § 38.1050 et seq. This is a founding build: our licensing applications are in-flight and you will stand up the security programme through to go-live, then operate and mature it as the business scales. You will lead efforts to identify and mitigate cyber and physical threats, coordinate incident response, and ensure the DCM can continue operating under stress, working closely with engineering, risk, and compliance, including our UK-based teams, to embed security across the software development life cycle and infrastructure. You will work directly with the CEO and senior management, with the support of the Smarkets UK team behind you.

About You
  • Senior security leader with 7+ years of senior-level information security experience, ideally within financial services, exchange infrastructure, or critical regulated systems.
  • Demonstrated leadership in implementing cybersecurity, compliance, and resilience programmes in high-risk environments.
  • Deep familiarity with CFTC expectations around system safeguards, including Core Principle 20 and 17 CFR § 38.1050 et seq.
  • Direct experience with security and risk assessments, incident response planning and execution, cybersecurity compliance audits (internal or regulatory), and disaster recovery and business continuity programmes.
  • Experience managing or working with geographically distributed engineering and infrastructure teams.
  • Strong understanding of security frameworks and secure software development practices.
  • Excellent communication and reporting skills, including for executive and regulatory audiences.


Responsibilities
  • Define and implement the DCM's information security vision, strategy, and programme, consistent with CFTC Core Principle 20 and industry-aligned best practice.
  • Lead risk identification, vulnerability management, and cyber threat mitigation across all DCM technology assets.
  • Ensure the design and enforcement of security controls across infrastructure, software development, vendor relationships, and end-user operations.
  • Own the incident response framework, including procedures for detection, containment, reporting, recovery, and root cause analysis.
  • Direct the business continuity and disaster recovery programmes, ensuring systems and teams can operate during disruption.
  • Prepare and maintain system safeguards documentation, audit logs, penetration tests, and other evidence for CFTC oversight and examinations.
  • Serve as the executive lead for cybersecurity audits, control testing, and CFTC technology compliance.
  • Collaborate with engineering, DevOps, product, and risk to ensure secure-by-design development and deployment, including across UK-based teams.
  • Regularly brief the CEO and senior management on security posture, threats, incidents, and risk levels.


Desirable Attributes
  • Personal interest in sports, exchanges, or trading.
  • Experience securing exchange, clearing, or trading infrastructure.
  • Relevant certifications such as CISSP, CISM, or equivalent.
  • Familiarity with event contracts, prediction markets, or similar novel futures products and their treatment under the CFTC framework.
  • Experience engaging directly with regulators or examiners on technology and system safeguards.


Our Values
  • Push to win
  • Make others better
  • Give a shit
  • Be a pro
  • Bring the energy


Our values are at the heart of everything that we do. We believe these are the fundamentals to ensure we are delivering what's expected of us in the best way possible for ourselves and for those around us.

Compensation and Benefits

Base salary range: $130,000 to $200,000 USD per year. The actual offer within this range will depend on experience, qualifications, and other job-related factors.

We have designed our benefits offering around Health, Wealth, Lifestyle and Development. From day one you will receive:
  • 25 days' annual leave, plus public holidays.
  • 401(k) plan: Smarkets matches 100% of employee contributions up to the first 6% of salary. Participation is voluntary, with automatic enrolment at a default contribution rate of 6% unless you select an alternative rate or choose to opt out.
  • Private medical insurance: a monthly reimbursement towards the private health insurance plan of your choice.
  • Performance bonus of up to 25% of base salary.
  • Equity via share options scheme.
  • Annual professional development budget of $1,000 for conferences, training, courses, books, and other learning opportunities.
  • Work From Anywhere: up to 20 days per year (pro-rated) to work remotely from locations around the world.


Additional Information
  • This role is offered subject to satisfactory background screening and, where applicable, CFTC fitness and eligibility requirements.
  • We use Ashby, our applicant tracking system, to manage applications, and AI-assisted tools may be used to support parts of our recruitment process. Applications are reviewed by our team, and hiring decisions are made by people rather than by automated tools.
