• Design and implement scalable guardrails for our multi-cloud infrastructure across AWS and GCP • Harden CI/CD pipelines and platform workflows to improve our software supply chain security posture • Practice and promote an everything-as-code approach across infrastructure, configuration, and policy • Automate repetitive security and compliance tasks so teams can stay aligned with frameworks without extra drag • Triage and review findings from cloud and infrastructure security tools, including CNAPP and CSPM platforms • Partner with engineers to prioritize risk, resolve findings, and improve controls over time

• Lead application security across our payment platform, including secure code review, threat modeling, and security architecture for new products • Own product security for new payment rails, including FBO account structures, stablecoin integration, and enhanced compliance features • Design and implement DevSecOps tooling and automation to improve security posture across CI/CD and infrastructure • Partner with engineering teams to embed security into the development lifecycle through automation, secure design patterns, and security champions • Drive security architecture decisions for customer-facing APIs, authentication systems, and data protection controls • Build monitoring and detection capabilities for application-layer threats, API abuse, and fraud patterns • Design infrastructure monitoring, automation, and remediation practices that keep our systems resilient and trustworthy • Collaborate with Compliance and Legal to ensure product features meet regulatory requirements (BSA/AML, KYC/KYB, state money transmission) • Influence technical strategy across Product, Platform, and Infrastructure teams on security and risk management

• PartnerOne is seeking a seasoned Information Security Manager to lead, scale, and mature the organization's security function. • This is a senior leadership role with a broad scope, encompassing direct team management, executive-level reporting, and full ownership of the company's security strategy and operational programs. • The Information Security Manager will translate organizational risk appetite into executable programs, build and develop a high-performing security team, and serve as the definitive security authority across the business. • This individual will influence product, engineering, compliance, and go-to-market decisions — ensuring security is a competitive differentiator and not just an operational requirement. • Own and drive PartnerOne's multi-year information security strategy, aligning program investments and priorities to business objectives, regulatory obligations, and risk tolerance. • Develop and present regular security risk reports, program health updates, and strategic recommendations to senior leadership and the Board. • Define, track, and communicate key security performance indicators and risk metrics, translating technical posture into business-relevant terms for executive audiences. • Manage the information security budget, including headcount planning, tooling investments, and vendor relationships — ensuring strong ROI and alignment with strategic priorities. • Serve as PartnerOne's senior internal authority on information security, advising the executive team on risk posture, material threats, and program maturity.

Role Description PartnerOne is seeking a seasoned Information Security Manager to lead, scale, and mature the organization's security function. This is a senior leadership role with a broad scope, encompassing direct team management, executive-level reporting, and full ownership of the company's security strategy and operational programs. The Information Security Manager will translate organizational risk appetite into executable programs, build and develop a high-performing security team, and serve as the definitive security authority across the business. This individual will influence product, engineering, compliance, and go-to-market decisions — ensuring security is a competitive differentiator and not just an operational requirement. Team Leadership & Organizational Development - Build, manage, and develop a high-functioning information security team, establishing clear roles, performance expectations, career pathways, and a culture of accountability and continuous improvement. - Set team priorities and allocate resources across security disciplines — including vulnerability management, incident response, application security, data protection, and audit — ensuring appropriate coverage and depth. - Mentor and develop mid-level security staff (including leads and analysts), actively investing in the professional growth of direct reports. - Define hiring plans and lead recruiting efforts to grow team capacity in alignment with company growth and evolving threat landscapes. - Foster a security-first culture across PartnerOne through active engagement, education, and relationship-building at all levels of the organization. Security Strategy & Executive Reporting - Own and drive PartnerOne's multi-year information security strategy, aligning program investments and priorities to business objectives, regulatory obligations, and risk tolerance. - Develop and present regular security risk reports, program health updates, and strategic recommendations to senior leadership and the Board. - Define, track, and communicate key security performance indicators and risk metrics, translating technical posture into business-relevant terms for executive audiences. - Manage the information security budget, including headcount planning, tooling investments, and vendor relationships — ensuring strong ROI and alignment with strategic priorities. - Serve as PartnerOne's senior internal authority on information security, advising the executive team on risk posture, material threats, and program maturity. Vulnerability Management & Configuration Compliance - Set the strategic direction for PartnerOne's vulnerability management and configuration compliance programs, establishing standards, accountability structures, and remediation SLAs. - Own security posture visibility through executive-level dashboards and risk scorecards, ensuring leadership has a clear and current picture of the organization's exposure. - Oversee structured risk treatment processes, ensuring non-compliance findings are triaged, assigned, and resolved — or formally accepted — with appropriate business context and documentation. - Drive sustained, measurable improvement in the organization's security posture over time through governance, accountability, and cross-functional coordination. Security Incident Response & Business Continuity - Establish and continuously mature PartnerOne's security incident response capability, including detection, triage, escalation, containment, recovery, and post-incident review processes. - Serve as the executive decision-maker during significant security incidents, providing authoritative leadership and clear communication to internal and external stakeholders. - Own PartnerOne's security-related Business Continuity and Disaster Recovery planning, ensuring the organization can maintain and restore critical operations following a security event. - Lead tabletop exercises and incident simulations to test response readiness and identify gaps before real events occur. Application Security & Secure Development - Oversee the Application Security program, ensuring that vulnerability scanning, code review standards, and penetration testing activities are embedded into the software development lifecycle. - Direct internal penetration testing efforts and, where appropriate, manage relationships with external security testing partners to validate application and infrastructure security. - Collaborate with engineering leadership to embed security requirements into architecture decisions, development standards, and release gates. - Establish application security KPIs and hold development teams accountable for the timely resolution of identified vulnerabilities. Client Data Protection & Privacy - Own PartnerOne's Client Data Protection program, defining the policies, controls, and monitoring practices that govern how client data is handled across the organization. - Ensure data handling practices across products, services, and operations are consistent with contractual commitments, regulatory requirements, and industry standards. - Conduct and oversee regular control reviews to validate data protection measures remain effective as the business and its threat environment evolve. - Collaborate with legal and compliance teams to address data privacy obligations and respond to client data-related inquiries or incidents. Customer Security Assurance & Commercial Support - Serve as the senior security authority for client-facing security reviews, executive-level customer discussions, and high-stakes due diligence engagements. - Oversee the team's completion of security questionnaires and assurance activities, ensuring accuracy, consistency, and timeliness across all client interactions. - Engage directly with enterprise clients and prospects at the executive level to build confidence in PartnerOne's security posture and capabilities. - Partner closely with sales and client success leadership to support RFP, RFI, and contract processes, ensuring security representations are accurate and competitively positioned. Audit, Compliance & Third-Party Risk - Lead PartnerOne's audit and compliance programs — including SSAE18 (SOC 1/SOC 2), PCI, and other applicable frameworks — from planning through report issuance. - Build and manage relationships with external auditors and assessors, serving as the primary point of contact for all formal compliance engagements. - Oversee the Third-Party Risk Management (TPRM) program, ensuring vendors, partners, and suppliers are assessed, monitored, and held to appropriate security standards. - Ensure audit-readiness is a continuous organizational state, not a reactive effort — building evidence collection, control testing, and documentation into ongoing operations. Security Governance & Policy - Own PartnerOne's information security policy framework, including policies, standards, procedures, and exception management processes — ensuring these remain current, enforceable, and business-aligned. - Represent Information Security on the Change Advisory Board (CAB) and other governance bodies, providing risk-based input on significant organizational and technology changes. - Lead security architecture reviews for major strategic initiatives and platform transitions, ensuring security is designed in from the start. - Develop and communicate PartnerOne's GenAI governance framework, enabling teams to adopt generative AI tools responsibly and securely. Threat Intelligence & Risk Management - Maintain an active, current understanding of the threat landscape relevant to PartnerOne's industry and technology environment, drawing on sources such as CISA, ISACs, and vendor intelligence feeds. - Translate threat intelligence into actionable risk guidance for the business, prioritizing mitigations based on likelihood, impact, and operational context. - Coordinate organizational responses to significant threat events or emerging vulnerabilities, ensuring timely, accurate communication and effective remediation across impacted teams. Security Awareness & Culture - Own PartnerOne's security awareness and training program, ensuring content is relevant, engaging, and compliant with regulatory and contractual training requirements. - Champion a culture of security ownership across the organization — empowering employees at every level to recognize risk and act accordingly. - Maintain active engagement with external security communities, industry groups, and peer networks to stay ahead of emerging risks and evolving best practices. Qualifications - 8+ years of progressive information security experience, including at least 3 years in a leadership or management capacity with direct reports. - Demonstrated experience owning and maturing a broad security program across multiple disciplines simultaneously. - Deep familiarity with compliance frameworks, including SOC 1/SOC 2 (SSAE18), PCI-DSS, and relevant data privacy regulations. - Proven ability to communicate complex security risk clearly and persuasively to executive and Board-level audiences. - Experience managing security in a SaaS, fintech, or similarly regulated technology environment preferred. - Relevant certifications (CISSP, CISM, CRISC, or equivalent) strongly preferred. - Track record of building and developing high-performing security teams in a fast-paced, growth-oriented environment.