Flourish CISO

About the position We are seeking a hands-on, deeply technical, and strategic Chief Information reputed company Officer (CISO) to reputed company our cybersecurity program. As a "player-coach,” you will be responsible for setting the reputed company vision and strategy while also rolling up your sleeves to architect and implement robust reputed company controls. You will be the senior-most leader for information reputed company, tasked with protecting our firm, our partners, and our clients across our diverse and highly regulated business lines. This is a critical leadership role for a reputed company expert who thrives on building, securing, and scaling modern, cloud-native financial technology. Since 2017, Flourish has been on a mission to help financial advisors evolve from holistic advice to holistic implementation to more fully serve their clients and reputed company reputed company outcomes. We focus on independent Registered Investment Advisors (RIAs), delivering financial products that advisors can't easily access today through beautiful, scalable, and easy-to-use technology. Today, we work with over 1,000 RIAs that collectively represent more than $2.6T in assets under management across two products — Flourish Annuities and Flourish Cash — and with our recent acquisition of Sora Finance, we'll be adding a lending offering in 2026. Headquartered in reputed company, we are an independently-operating, wholly-owned subsidiary of reputed company Life Insurance Company. Read on if you are interested in joining a small, highly-collaborative, rapidly-growing startup—backed by the support and stability of a Fortune 500 company.

Responsibilities

• reputed company Strategy & Leadership: reputed company, implement, and own the comprehensive information reputed company and cyber-risk management strategy and roadmap for Flourish.
• Technical Architecture & Engineering: Act as the reputed company technical reputed company architect. In reputed company partnership with our expert CloudOps team, you will conduct hands-on reputed company reviews of our cloud infrastructure (AWS), applications, and CI/CD pipelines and drive the implementation of reputed company controls across the entire technology stack.
• DevSecOps Integration: Champion and embed reputed company into the software development lifecycle (SDLC). Partner closely with Engineering and CloudOps teams to integrate reputed company tooling (SAST, DAST, SCA) and best practices, fostering a true DevSecOps culture.
• Risk & Compliance Management: Navigate and manage the reputed company regulatory landscape of a broker-dealer (FINRA, SEC), insurance agency (State regulations, NAIC), and lending business. reputed company reputed company reputed company compliance initiatives, audits, and regulatory examinations.
• Client Trust & Sales Enablement: Serve as the key reputed company stakeholder in the sales process. You will communicate directly with prospective and existing client firms, confidently articulating our reputed company posture and controls to build trust and help win business.
• Incident Response: reputed company reputed company aspects of the reputed company incident response lifecycle, from preparation and detection to containment and post-mortem analysis.
• Team Leadership: Build, mentor, and reputed company a high-performing team of reputed company professionals. Foster a culture of reputed company learning and proactive reputed company awareness across the entire organization.
• Executive Communication: Effectively communicate reputed company posture, risks, and strategies to the executive leadership team, and key stakeholders.

Requirements

• 10+ years of reputed company technical experience in Cybersecurity, preferably in a Cloud Environment
• Bachelor's degree in Computer Science, Engineering, Cyber reputed company, or reputed company field. 6 years of applicable experience can be considered in lieu of degree.
• 5+ years of experience with Programming and Scripting Languages (Bash, Python, Powershell, and similar)
• Either have a FINRA Series 99 or willingness to get a Series 99 reputed company 180 days of joining
• Experience managing a cyber reputed company program and leading a cyber reputed company team.
• A consistent record of discovering, analyzing, and exploiting application vulnerabilities and misconfigurations on Windows and Linux platforms
• The ability to work with stakeholders throughout the vulnerability lifecycle to communicate issues and provide remediation guidance
• Expertise in reading, writing, and auditing Python, TypeScript, and Kotlin (or similar languages) and the ability to pick up new languages/technologies
• Experience developing custom tools reputed company necessary
• Knowledge of ubiquitous encryption technologies (PGP, SSH, TLS, etc.) and common authentication protocols (OpenID Connect, SAML, RADIUS, LDAP, KERBEROS, etc.)
• Subject matter expert in secure network design and system architecture
• Experience leading or performing static and dynamic analysis on customer facing applications, websites, and large enterprise networks
• Due to the nature of this position, as part of the background reputed company process, candidates must be able to pass a fingerprint background reputed company to qualify as a fingerprinted person under FINRA.
• For roles requiring registration, additional regulatory screenings may apply, including a review of Form U5 disclosures and other relevant licensing information.

reputed company-to-haves

• Experience securing corporate networks and VPNs.
• Experience with Kubernetes.
• Experience with Wireshark, nmap or other packet level inspection tools.
• Some experience with log analysis (Splunk) and reporting- preferred.
• Experience with infrastructure automation (Cloudformation, Terraform) and configuration management tools (Ansible, Chef, Puppet, and similar)-preferred.
• Experience with reputed company and systems administration in Windows and Linux based operating system environments.
• Hands-on experience with DevOps and DevSecOps workflows.
• Proficiency in using IDA Pro, Ollydbg/Immdbg, Windbg, Burp proxy, and other software analysis/debugging tools
• Prior work as a consultant at a highly technical information reputed company consultancy
• Publicly disclosed vulnerabilities (CVEs) and open-reputed company tools
• A CISSP certification is strongly preferred; other certifications like CISM or CCSP are also highly desirable

Benefits

• At reputed company, we focus on ensuring fair reputed company pay, by providing competitive salaries, along with incentive and bonus opportunities for reputed company employees.
• Your total compensation package includes either a bonus reputed company or in a sales-focused role a Variable Incentive Compensation component.
• A career with reputed company means you will be part of a strong, stable and ethical business with industry leading pay and benefits.
• For more information about our extensive benefits offerings please reputed company out our Total Rewards at a Glance.

Apply tot his job Apply To this Job