CISO , NY, Remote

Position: CISO New York, NY, Remote Location: New York

About the Company

Rain makes the next generation of payments possible across the globe. We’re a lean and mighty team of passionate builders and veteran founders. Our infrastructure makes stable coins usable in the real-world by powering card transactions, cross-border payments, B2B purchases, remittances, and more. We partner with fintechs, neobanks, and institutions to help them launch solutions that are global, inclusive, and efficient. You will have the opportunity to deliver massive impact at a hypergrowth company that is funded by some of the top investors in fintech, crypto, and SaaS, including Sapphire Ventures, Norwest, Galaxy Ventures, Lightspeed, Khosla, and several more. If you’re curious, bold, and excited to help shape a borderless financial future, we’d love to talk. Our Ethos We believe in an open and flat structure. You will be able to grow into the role that most aligns with your goals. Our team members at all levels have the freedom to explore ideas and impact the roadmap and vision of our company. What You’ll Do As CISO, you will own Rain’s security governance, risk, and compliance strategy , with a particular focus on ISO certification and regulatory readiness , while partnering closely with engineering, infrastructure, legal, and operations teams.

• Own and drive Rain’s information security and compliance strategy

, with a primary focus on ISO 27001 (and related standards) readiness, certification, and ongoing maintenance

• Serve as the executive owner for security compliance programs (e.g., ISO 27001, SOC 2, vendor risk, customer security reviews)
• Design, implement, and continuously improve Rain’s security governance framework

, including policies, standards, and risk management processes

• Partner closely with Engineering, Infrastructure, Product, Legal, and Operations to embed compliance and security requirements into technical and business workflows
• Lead and manage external audits, certifications, and assessments

, acting as the primary point of contact for auditors and assessors

• Translate regulatory, customer, and partner security requirements into practical, scalable controls that align with Rain’s architecture and operating model
• Own the risk management lifecycle

, including risk identification, assessment, prioritization, and executive reporting

• Establish and track security and compliance metrics

, reporting posture, progress, and risk to executive leadership and the board as needed

• Oversee incident response governance

, ensuring policies, playbooks, and escalation paths meet compliance and regulatory expectations You Are Likely to Succeed If You Have

• 8–12+ years of experience in information security, GRC, or security leadership roles, with demonstrated ownership of compliance programs
• Hands‑on experience leading ISO 27001 certification efforts (initial certification and/or ongoing surveillance audits)
• Experience operating as a security leader in a high‑growth, technology‑driven company, ideally in fintech, payments, or regulated environments
• Strong understanding of security governance, risk management, and control frameworks (ISO 27001/27002, SOC 2, NIST, etc.)
• Proven ability to partner effectively with engineering and technical teams to implement controls in cloud‑native and application‑driven environments
• Experience managing third‑party risk

, customer security questionnaires, and enterprise security reviews

• Ability to clearly communicate risk, tradeoffs, and priorities to executives and non‑technical stakeholders

Bonus Attributes (Nice-to-Haves)

• Experience with additional frameworks such as SOC 2 Type II, PCI DSS, ISO 22301

, or regional regulatory requirements

• Prior experience acting as a first or early security leader at a scaling company
• Familiarity with cloud security and modern application architectures

, even if not hands‑on day‑to‑day

• Experience supporting global customers or international compliance requirements
• Security or compliance certifications (e.g.,

CISSP, CISM, ISO 27001 Lead Implementer / Auditor )

• Experience presenting security posture or risk assessments to boards or executive committees

Things that enable a fulfilling, healthy and happy experience at Rain Unlimited time off Unlimited… Apply tot his job Apply To this Job