Chief Information Security Officer

Why join Tipalti

Tipalti is one of the worlds fastestgrowing fintech companies. We free finance professionals to lead by modernizing the entire payables operation. We are a wellfunded latestage startup backed by highprofile investors. Our 2021 Series F funding round raised $270 million valuing us at over $8.3 billion. With total funding of just over $550 million and with more than 5000 global customers Tipalti is one of the most valuable private fintech companies in the world.

At Tipalti we pride ourselves on our collaborative culture the quality of our product and the capabilities of our people. Tipaltians are passionate about the work they do and keen to get the job done. Tipalti oers competitive benefits a flexible workplace career coaching and an environment where diverse individuals can thrive and make an impact. Our culture ensures everyone checks their egos at the door and stands ready to reach for success together.

Founded in Israel in 2010 Tipalti is a global business with approximately 1200 employees. We are headquartered in the San Francisco Bay Area (Foster City) with additional offices in Tel Aviv Plano Toronto Vancouver London Amsterdam and Tbilisi.

About the Role

As Tipaltis Chief Information Security Officer (CISO) you will own and lead all aspects of Information Security for Tipalti. Reporting to the CTO you will lead and manage three teams which are individually responsible for Governance Risk and Compliance Product Security and Security Operations. As CISO you will shape and execute our security strategy and roadmap ensuring trust resilience and compliance at scale. You will grow and lead the security department and work closely with Tipalti leadership to balance business growth with risk management. Externally you will represent Tipalti to customers auditors and regulators reinforcing our commitment to security and trust. Above all you will ensure that our customers data and operations remain secure as we scale.

Overall Security Governance Strategy

• Define and execute the companywide security strategy and roadmap
• Align security initiatives with Tipaltis business objectives and risk appetite
• Report on security posture to company executives and te board

Security Operations

• Infrastructure Security Collaborate with DevOps and IT teams to secure our infrastructure and cloud environment
• Endpoint Security Protect employee devices and access points
• SaaS Security Monitor and secure thirdparty SaaS applications
• Data Loss Prevention Implement controls to prevent unauthorized data access sharing and exfiltration across systems and endpoints
• Identity and Access Management Manage the companys access policy and controls
• Threat Detection & Incident Response Establish SIEM threat intelligence and forensic capabilities
• Incident Response Respond to security events conduct investigations and lead mitigation efforts

GRC (Governance Risk and Compliance)

• Risk Management & Assessments Perform regular risk assessments on Tipaltis systems processes and infrastructure and drive mitigation plans
• Certifications & Compliance Maintain compliance with SOC 2 ISO 27001 DORA NYDFS and other regulations
• Audits & Regulatory Compliance Lead security audits manage interactions with external auditors government agencies and regulatory bodies
• ThirdParty & Vendor Security Assessments Conduct security evaluations of vendors and partners to ensure data protection standards are met
• Security Policies & Frameworks Maintain and enforce companywide security policies ensuring crossfunctional adoption

Product Security

• Secure Software Development Lifecycle (SSDLC) Integrate security into our development processes shift left on security through the entire product lifecycle
• Application Security & Penetration Testing Manage the product security posture oversee regular penetration tests and drive vulnerability remediation
• API & Data Security Secure API endpoints implement bestpractices and data protection controls
• Privacy & Compliance by Design Ensure compliance with privacy regulations (GDPR CCPA etc. in product development
• Customer Assurance & Trust Manage security reviews customer security questionnaires and trust center

Security Culture & Leadership

• Lead and build the security team
• Create and roll out periodic security awareness training programs for employees
• Maintain a securityfirst culture through awareness programs phishing simulations and ongoing education
• Partner with business units across Engineering IT Legal Compliance and Operations to embed security across all functions

About You

• Bachelors degree in Computer Science Information Security or a related field (Masters or MBA is a plus)
• Professional certifications such as CISSP CISM CISA are strongly preferred.
• 15 years of experience in Information Security Cybersecurity or similar roles
• 3 years as a CISO or senior security leader in a fastgrowing organization
• Experience securing SaaS solutions in cloud environments (AWS Azure GCP) strong advantage
• Strong background in web application security (OWASP Top 10 DevSecOps and SSDLC
• Handson experience with cybersecurity incident response forensics and crisis management
• Familiarity withencryption data protection privacy regulations (GDPR CCPA PCIDSS SOC 2 ISO 27001 etc.
• Strong communication skills in both English and Hebrew ability to convey security risks to technical and nontechnical stakeholders
• Business and dataoriented mindset able to present security considerations in a structured datadriven way that enables informed business decisions
• Ability tostay ahead of emerging cybersecurity threats trends and compliance requirements