Chief Information Security Officer

Varo Money

Company Type

Varo is changing the future of banking with our mobile app: a frictionless bank account that also helps customers do more with their money. Varo is building a mobile bank that helps customers cover their expenses, pay their bills and build their wealth over time — so they can stop worrying about money and go live their lives. Unlike traditional banks or other fintech apps, Varo offers a complete solution with integrated deposit, budgeting, savings and lending products that help customers bank with ease and achieve better financial outcomes. There’s no reason for a bank branch on every corner anymore: all that customers need is a smartphone to bank seamlessly. Based in San Francisco and privately held, Varo has raised $78M to date, led by Warburg Pincus and The Rise Fund / TPG Growth.


The Chief Information Security Officer (CISO) reports to the Chief Compliance and Operations Risk Officer and works closely with Varo’s technology leadership and department.  The CISO has a dotted line reporting relationship to the Chief Executive Officer to fulfill the responsibilities as a risk executive with the organization. The CISO is responsible for overseeing the establishment and implementation, monitoring and enforcing of Varo’s information security standards.  The CISO is responsible for building an accountable, information security-conscious culture and system security infrastructure built on high quality standards, guidelines and controls that is regularly tested and reported.


  • Assist and oversee the continued development and monitoring of a risk based comprehensive enterprise security program to ensure that the integrity, confidentiality and availability of information is owned, controlled and properly processed by Varo.
  • Integrate information security risk management into business decisions and operations.
  • Advise IT leadership on necessary security controls and processes to protect the enterprise and the business lines commensurate with their assessed level of risk.
  • Develop, maintain and publish up to date information security policies, procedures, standards, controls and guidelines.  Oversee the approval, training and dissemination of such policies, procedures, standards, controls and guidelines.
  • Assist in the creation and management of information security and risk management awareness training programs for all employees, contractors and approved system users, including role-based training for employees with specialized security responsibilities.
  • Coordinate information security projects and initiatives together with resources from IT and business line teams.
  • Ensure that information security programs are in compliance with relevant laws, regulations and policies to minimize risk and audit findings.
  • Manage security incidents and events to protect corporate and IT assets, including intellectual property, regulated data and Varo’s reputation.
  • Be a member of and assist in the management of Varo’s Crisis Management Team.  Execute multiple table-top exercises and simulations to prepare participants for their roles in efficient breach response.
  • Along with IT, monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate course of action and response to such threats.
  • Balance the protection of information assets with the needs of the business.


  • Minimum of 10+ years of progressive experience in information security with a combination of risk management, information security and IT related responsibilities with regulated financial institutions, state or federal licensed financial service companies, and/or fintech companies.
  • Minimum of 4+ years of experience in a senior leadership role with increasing levels of responsibilities.
  • Experience with information security frameworks.  Knowledge of NIST, ISO, SOC 2, PCI, and/or Cobit.  Familiarity with Cyber Security Assessment Tool (CAT)
  • One or more of the following professional certifications:  CISSP, CISM, CERT, CISA, etc.
  • Ability to participate with and lead cross-functional interdisciplinary teams to achieve tactical and strategic goals.
  • Experience with third party service provider due diligence, negotiations, oversight, and monitoring.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills.
  • Proven track record and experience in developing information security policies and procedures as well as successfully executing programs that meet excellence objectives in a dynamic environment.
  • Poise and ability to act calmly and competently in high pressure, high stress situations.
  • Must be a critical thinker, with strong problem-solving skills.
  • Excellent analytical skills and ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet over all objectives.
  • High level of personal integrity, ability to professionally handle confidential matters, and an appropriate level of judgment and maturity.
  • Thorough understanding of IT operations and the role and impact of information security on these operations.

Learn more about Varo by following us at:

Facebook -

Instagram -

LinkedIn -

Read Full DescriptionHide Full Description
Confirmed 15 hours ago. Posted 30+ days ago.

Discover Similar Jobs

Suggested Articles

One Step Register
Need an account? Sign Up