SonicJobs Logo
Left arrow iconBack to search
  1. Home
  2. 75320, Dallas, TX
  3. Information Security Officer

Information Security Officer

Shaw Systems
Posted 5 days ago, valid for 8 days
Location

Dallas, TX 75320, US

Salary

Competitive

Contract type

Full Time

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Sonic Summary

info
  • Shaw Systems is looking for a Chief Information Security Officer (CISO) with 10+ years of information security leadership experience to protect corporate and client information assets.
  • The CISO will oversee enterprise security strategy, operations, compliance, and risk management while supporting the adoption of AI and cloud technologies.
  • This role requires expertise in securing cloud environments, particularly Azure, and strong experience with SOC 2, ISO 27001, and other security frameworks.
  • The position offers a competitive salary and is based in a hybrid work environment within 75 miles of Houston, TX, with remote options available in several states.
  • Candidates must hold certifications such as CISSP and CCSP, and have a strong background in financial services or lending industry experience.

Summary / Objective

Shaw Systems is a leading national software provider serving the consumer lending and financial services industry. We are seeking a Chief Information Security Officer (CISO) to lead the protection of corporate and client information assets and drive a secure, scalable technology environment.

This role owns enterprise security strategy, operations, compliance, and risk management while enabling secure adoption of AI, cloud, and automation platforms. The CISO serves as Shaw’s primary authority on information security, partnering across business, technology, and client teams to strengthen security posture and support growth.



Organizational Scope

  • Direct Reports: Service Operations Manager, Senior Security Engineers, Security/InfoSec Analysts
  • Team Size: ~8 FTEs + contractors + SOC partner
  • Enterprise Reach: Full client portfolio (financial services focus)
  • Cross-Functional Influence: AI Committee; DevOps, Cloud, Implementation



Responsibilities


1. Security Strategy & Program Leadership

  • Define and mature enterprise information security strategy, policies, and standards
  • Own and evolve Shaw’s Information Security Program and SOC 2 Type II compliance
  • Serve as primary security representative for clients, auditors, and executives
  • Lead risk identification, mitigation, and enterprise security roadmap
  • Oversee access controls, third-party risk, and security readiness exercises (DR, incident tabletop)
  • Present security posture, risks, and compliance status to leadership and external stakeholders
  • Hold named accountability for security representations in client agreements (including MSAs and processing agreements); present security posture and risk to clients, prospects, auditors, and executive forums as required


2. Security Operations (SecOps)

  • Oversee 24/7 SOC operations (via partner) and incident response lifecycle
  • Manage threat detection, monitoring, vulnerability management, and remediation
  • Lead response to authentication threats, phishing, and unauthorized access events
  • Maintain and enhance security tooling across the stack, including Microsoft Defender, FortiClient VPN, Arctic Wolf MDR, Keeper, KnowBe4, PAM solutions, and data protection technologies (e.g., DLP)
  • Ensure endpoint, identity, and infrastructure security across cloud and on-prem environments
  • Drive network, cloud, and infrastructure hardening initiatives


3. AI Governance & Security Architecture

  • Lead enterprise AI security strategy and rollout (Copilot, LLMs, AI tools)
  • Design and enforce AI governance framework (usage policies, data protection, access controls)
  • Architect secure AI/LLM environments (mitigating data leakage, prompt injection, etc.)
  • Own Microsoft Purview strategy (DLP, labeling, information protection)
  • Represent AI security posture to clients, auditors, and leadership
  • Manage strategic vendor relationships, including Microsoft, Anthropic, Arctic Wolf, Fortinet, Keeper, and other security and AI partners, ensuring enterprise value and risk alignment


4. Service Operations Oversight

  • Provide leadership oversight to Service Operations (infrastructure, endpoints, support)
  • Ensure reliability, patching, identity governance, and cloud operations (M365/Azure)
  • Drive SLA performance, operational efficiency, and automation initiatives
  • Ensure operational rigor through established tooling and cadences, including patch management (e.g., WSUS), endpoint monitoring, and environment audits


5. Compliance, Risk & Audit

  • Co-own SOC 2 Type II audit lifecycle and evidence management
  • Maintain enterprise risk register and mitigation tracking
  • Lead client/vendor security assessments and regulatory readiness
  • Ensure alignment with frameworks (ISO 27001, NIST, FFIEC, GLBA, SOX)
  • Ensure third-party vendor due diligence, security requirements, and contractual obligations are aligned with Shaw’s Information Security Program and documented appropriately
  • Monitor regulatory developments (including AI and privacy laws)
  • Own security representations in client agreements and audit responses
  • Provide security review, guidance, and approval on security-related representations in client, regulatory, and third-party engagements, in partnership with executive leadership, Legal, and Compliance


6. Leadership & Culture

  • Lead, mentor, and develop InfoSec and Service Ops teams
  • Manage vendors, contractors, and partner performance
  • Promote enterprise-wide security awareness and training programs
  • Partner with HR on hiring, workforce planning, and organizational design


7. Strategic & Cross-Functional Collaboration

  • Advise executive leadership on security and AI risk strategy
  • Partner with DevOps, Cloud, and Implementation teams on secure design practices
  • Support business development (security questionnaires, client discussions)
  • Translate technical risk into business impact for diverse stakeholders


Requirements


Education

  • Bachelor’s or Master’s degree in Computer Science, Engineering, or related field


Experience & Expertise

  • 10+ years in information security leadership
  • 5+ years securing cloud environments (Azure preferred, AWS acceptable)
  • Strong experience with SOC 2, ISO 27001, NIST, OWASP, FFIEC, GLBA, SOX
  • Deep technical background across DevOps, infrastructure, and security tooling
  • Expertise in network security, IAM, DLP, SIEM, and vulnerability management
  • Experience with Microsoft security stack (Defender, Purview, Intune, Entra ID, Azure)
  • Demonstrated experience with AI platforms and governance (e.g., Copilot, LLMs)
  • Financial services or lending industry experience preferred


Certifications

  • CISSP (required)
  • CCSP (required)
  • ISSAP (preferred)


Leadership Competencies

  • Strategic security leadership and business alignment
  • AI governance and emerging technology risk management
  • Operational execution and compliance discipline
  • Strong communication, stakeholder influence, and executive presence
  • Analytical problem-solving and results orientation
  • Vendor and partner management expertise


Performance Expectations (First 12 Months)

  • SOC 2 Type II audit completed with no material findings
  • Enterprise AI governance framework fully implemented
  • Microsoft Purview DLP and labeling deployed enterprise-wide
  • Mature security operations cadence with measurable SLAs
  • Updated BCP/DR program tested
  • Improved phishing awareness and security training outcomes


Supervisory Responsibility

  • Leads a team of internal, contractor, and external partners supporting security operations and enterprise infrastructure.


Location

  • Hybrid: Within 75 miles of Houston, TX
  • Remote (eligible states): TX, VA, FL, GA, ID, LA, MI, MN, NJ, NC, PA, UT
  • Travel: 10–25% as needed



Work Environment

  • Full-time, Monday–Friday; standard business hours with occasional after-hours support as needed.


Learn more about this Employer on their Career Site

Apply now in a few quick clicks

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Logo
SonicJobs
Your next career move. Sorted.
Search jobsbackground image

Contact us

© 2017 - 2026 SonicJobs Inc. All rights reserved

Terms & Conditions | Privacy Policy | Browse Jobs