Candescent is the leading cloud-based digital banking solutions provider for financial institutions. We are transforming digital banking with intelligent, cloud-powered solutions that connect account opening, digital banking, and branch experiences for financial institutions. Our advanced technology and developer tools enable seamless, differentiated customer journeys that elevate trust, service, and innovation. Success here requires flexibility in a fast-paced environment, a client-first mindset, and a commitment to delivering consistent, reliable results as part of a performance-driven, values-led team. With team members around the world, Candescent is an equal opportunity employer.

Role Overview

As we expand our fintech ecosystem, AI capabilities, and security offerings, we are seeking a Chief Information Security Officer (CISO) to lead enterprise security, compliance, and trust — while shaping the future of identity, fraud detection, and platform-level defense across our products.

The Chief Information Security Officer (CISO) reports directly to the Chief Technology Officer (CTO) and serves as a core member of the Technology Leadership Team. This executive will define and execute Candescent’s enterprise-wide security, compliance, and risk management strategy, ensuring regulatory alignment (FFIEC, SOC2, ISO 27001, PCI-DSS), securing the company’s AI- and API-first platform, and advancing product-embedded identity and fraud detection capabilities. The CISO will partner across Product, Engineering, and AI teams to ensure security, trust, and compliance are foundational to Candescent’s platform and customer experience.

Key Responsibilities

Security & Compliance Leadership

• Lead enterprise-wide information security strategy and governance aligned to FFIEC, GLBA, NIST CSF, SOC2, ISO 27001, PCI-DSS, and GDPR.
• Manage regulatory relationships and ensure audit readiness with customers, regulators, and independent assessors.
• Define and monitor security risk metrics, dashboards, and board-level reporting.
• Partner with Legal, Risk, and Compliance teams to maintain proactive adherence to evolving banking and fintech regulations.

Product, Platform, and API Security

• Build and mature Secure SDLC practices integrating SAST/DAST, dependency scanning, and threat modeling.
• Lead a comprehensive API Security program addressing authentication, authorization, token management, rate limiting, payload inspection, and anomaly detection.
• Secure Open Banking and Fintech APIs, ensuring compliance with data security and privacy standards.
• Oversee penetration testing and bug bounty programs, emphasizing API and data-layer resilience.
• Collaborate with Product and Engineering to ensure secure-by-design principles are applied to all services, including microservices deployed in GCP and AWS.
• Embed fraud detection and identity protection mechanisms — such as device fingerprinting, behavioral analytics, and AI-based anomaly detection — directly into platform and product architectures.

Identity, Fraud Detection & Trust

• Oversee the architecture, compliance, and integrity of Candescent’s Identity and Fraud Detection products.
• Partner with Product and Engineering to enhance fraud prevention models and partner integrations for fraud detection.
• Establish governance and controls around customer identity data protection, in compliance with privacy frameworks.

AI Governance & Responsible AI

• Define and implement AI security and compliance frameworks covering model and AI tooling development, deployment, and monitoring.
• Partner with Candescent AI Labs to secure AI pipelines and defend against prompt injection, model inversion, and data leakage.
• Lead Responsible AI initiatives, aligning with regulatory guidance and customer expectations.
• Serve as an executive sponsor for AI risk management, bridging security, ethics, and compliance.

Cloud & Infrastructure Security

• Oversee identity and access management (IAM), encryption, key management (KMS), and Zero Trust Architecture across hybrid environments.
• Lead incident response, root cause analysis, and business continuity exercises.
• Collaborate with SRE and Platform teams to strengthen resiliency, observability, and reliability in production systems.

Fintech Ecosystem & Third-Party Risk

• Govern security and compliance for fintech integrations, payment networks, and core banking partners.
• Strengthen and lead a Vendor Risk Management (VRM) and Third-Party Assurance program.
• Engage directly with customer CISOs, auditors, and regulatory stakeholders to communicate Candescent’s security posture and roadmap.
• Ensure all third-party integrations meet FFIEC and GLBA security requirements.

Qualifications

• 15+ years in Information Security, including 5+ years in a CISO or senior security leadership role in financial services, fintech, or SaaS.
• Bachelor's degree in a relevant field such as computer science, information technology, or cybersecurity,
• Deep expertise in API Security, Cloud Security, Product Security, and Identity/Fraud Detection systems.
• Proven experience implementing FFIEC-aligned compliance frameworks and managing regulatory engagements.
• Hands-on familiarity with AI/ML security, data protection, and DevSecOps practices.
• Strong understanding of financial data privacy, Open Banking standards, and API threat prevention.
• Certifications such as CISSP, CISM, CCSP, or CRISC preferred.

Leadership Attributes

• Strategic and execution-focused; able to bridge compliance rigor with agile innovation.
• Strong collaborator with the CTO, CPO, and Engineering leadership to embed trust and security into the product DNA.
• Credible communicator with regulators, boards, and financial institution CISOs.
• Passionate about advancing AI-enabled security and fraud detection as differentiators in digital banking.

Why Join Candescent

• Report directly to the CTO and help define security and compliance strategy for a market-leading fintech platform.
• Build and scale AI-driven identity and fraud detection capabilities powering trust across our digital banking ecosystem.
• Lead a modern, API-first, multi-cloud security organization that enables secure innovation at scale.
• Influence the future of AI, security, and compliance in the financial technology industry.

Statement to Third Party Agencies
To ALL recruitment agencies: Candescent only accepts resumes from agencies on the preferred supplier list. Please do not forward resumes to our applicant tracking system, Candescent employees, or any Candescent facility. Candescent is not responsible for any fees or charges associated with unsolicited resumes.