Director, Business Information Security Officer

---

Job description

About Pagaya

Shape the Future of Finance

Pagaya is building a leading artificial intelligence network to help our partners grow their businesses and better serve their customers.

Pagaya powers a leading artificial intelligence network that enables banks, fintechs, merchants, lenders, and other B2C businesses to provide their customers with greater access to financial services. We help partners grow their customer base while managing risk, all with a seamless customer experience.

Pagaya's network enables our partners' customers access to credit across Auto, Credit Card, Personal loans, and Point of Sale markets. We are also developing products in insurance, real estate, and more. Our network is fully automated and operating at scale - with the support of the Pagaya network, our partners have processed millions of applications, with a new application typically analyzed every second.

Let's create better outcomes together!

About The Role

The Director, Business Information Security Officer will lead the US affiliate, Pagaya Investments US LLC's, efforts to successfully implement and provide ongoing management and oversight of all relevant information security controls/solutions. The BISD will work closely with our Israeli Office of the CISO, and its security architectural team to evaluate and implement cyber security solutions in the domains of Cloud, IAM, DLP, mobile and endpoint security, security monitoring, security training and more to protect Pagaya׳s core assets, data and IP.

The ideal candidate has a unique set of skills that enables them to build and collaborate with our diverse network of partners and Global Information Security team having both direct impact and influence on Pagaya's rapidly growing business. The BISD will have an opportunity to work with the industry's most advanced security technologies, continually growing one's technical and managerial skills to protect and ensure Pagaya's continuing expansion efforts.

Responsibilities

You will be responsible for our security solutions technology stack for the US throughout the project lifecycle (including evaluation, implementation, management and ongoing operations, including reporting/metrics). Ensure all security solutions meet the localized business, regulatory and technical needs of the US affiliate, and report upstream to the Office of the CISO and Global CISO.

• Work closely with Pagaya׳s Global Security Engineering team, architecture and SecOps team members within the Office of the CISO to ensure consistent cross-company implementation of controls.
• Drive the secure deployment of a global security solution stack focused on cloud (IaaS and SaaS), mobile and endpoint related controls.
• Assist the Global CISO in the development, implementation and maintenance of up-to-date information security procedures, standards and guidelines and oversee the localized approval, training, and dissemination of security policies and practices.
• Manage a defense in depth approach that addresses all cross-department security requirements.
• Share and communicate end-to-end security solutions and the enterprise security posture (both orally and written) to executives, business sponsors, and customers and partners in a clear and concise manner that is in the vernacular of each group
• Create and manage information security and risk management awareness training programs for all US employees, contractors and approved system users.
• Work directly with the other business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
• Facilitate the information security risk assessment process, as well as support audit programs such as internal security audits, ISO 27001, SOC2 and SOX audits, including the gathering of audit evidence, reporting and oversight of treatment efforts to address any negative findings/gaps.
• Manage business unit security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
• Monitor business unit metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
• Manage outsourced US vendors that provide information security functions for compliance with contracted service-level agreements.
• Manage and coordinate operational components of US-based incident management, including detection, response and reporting.
• Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
• Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information to the Global CISO about residual risk.
• Ensure localized audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.
• Develop and oversee effective disaster recovery policies and procedures to align with the enterprise business continuity management program goals. Coordinate the development and testing of business unit specific plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
• Create and support POC/demos and present security solutions relevant to the business unit to the company relevant stakeholders
  
  

Requirements

7+ years of proven InfoSec management experience including hands-on information Security experience with key technologies such as endpoint security, email security, DLP, mobile device management, and SIEM.

• In-depth knowledge of a comprehensive stack of layered security controls and the technical aspects of their deployment and management.
• Experience with Cloud delivered solutions (IaaS, PaaS, SaaS - AWS)
• Knowledge in the majority of security domains such as: IAM, Cloud access broker (CAB), DLP, Endpoint Protection and Cloud native security solutions (focused on AWS), as well as security incident and event monitoring.
• 6+ years of proven experience in defining security requirements and deployment of solutions.
• Experience in leading cross-domain solutions
• In-depth knowledge of information security concepts, design/architecture, and methodologies
• Security-related certifications (CCSP, CISSP, CISM, CISA, etc.) are a plus.
• Experience supporting both internal and external security and compliance audits of an enterprise within a regulated industry such as financial services.
• Continuous learner with flexible mindset who has demonstrated the ability to be a nimble and creative thinker within an ever-evolving and dynamic organization.
• A self-starter with a solutions and consultative oriented mindset and strong attention to detail
• Exceptional communication, presentation, and stakeholder management skills, proven ability to partner across diverse stakeholders
• Proven ability to think strategically and commercially, work autonomously, and have strong execution skills
  
  

Our Team

Pagaya was founded in 2016 by seasoned research, finance, and technology entrepreneurs, and we are now 500+ strong in New York, Los Angeles, and Tel Aviv.

We move fast and smart, identifying new opportunities and building end-to-end solutions from AI models and unique data sources. Every Pagaya team member is solving new and exciting challenges every day in a culture based on partnership, collaboration, and community.

Join a team of builders who are working every day to enable better outcomes for our partners and their customers.

Our Values

Our values are at the heart of everything we do. We believe great solutions are built through a great community.

• Continuous Learning: It's okay to not know something yet, but have the desire to grow and improve.
• Win for all: We exist to make sure all participants in the system win, which in turn helps Pagaya win.
• Debate and commit: Share openly, question respectfully, and once a decision is made, commit to it fully.
• The Pagaya way: Break systems down to their most foundational element, and rebuild them unique to Pagaya.
  
  

More than just a job

We believe health, happiness, and productivity go hand-in-hand. That's why we're continually looking to enhance the ways we support you with benefits programs and perks that allow every Pagayan to do the best work of their life.