Chief Product & Information Security Officer (CPISO)
Indexed description
The CPISO will partner closely with executive leadership, Product, and Engineering teams, as well as cross-functional stakeholders, to protect InvestCloud's systems, data, and clients while enabling the business to scale securely.
Key Responsibilities
- Define and lead the enterprise information security strategy, policies, standards, and controls — spanning both corporate infrastructure and InvestCloud's software product suite
- Own product security across the full software development lifecycle (SDLC), including secure design principles, application security testing, vulnerability management, and secure-by-default standards for all client-facing products
- Partner with Product and Engineering leadership to embed security requirements into product roadmaps, architecture reviews, and release processes
- Oversee security operations, incident response, and the ongoing development of the company's incident response programme and CSIRT
- Provide regular security reporting, metrics, and risk updates to executive leadership and governance forums, including product-specific security posture
- Drive security, regulatory, and audit readiness across the organisation, including compliance with relevant financial services and data protection frameworks
- Partner with Technology, Legal, Compliance, Privacy, and Business leaders to ensure security requirements are embedded into operations and decision-making
- Lead and develop a high-performing security team — encompassing both product security and information security disciplines — and ensure the function is appropriately resourced
- Evaluate emerging threats, manage cyber risk, and strengthen security capabilities across cloud, platforms, data, product, and third-party environments
- Significant leadership experience in information security, cybersecurity, or related disciplines, including a senior security leadership role with a clear track record of influencing executive-level decision-makers
- Demonstrated experience in product or application security, with a strong understanding of secure SDLC practices, application security (SAST/DAST/SCA), and DevSecOps
- Strong knowledge of security governance, security operations, incident response, risk management, identity and access management, and regulatory compliance
- Demonstrated ability to communicate effectively with executive stakeholders, boards, auditors, clients, and technical teams
- Experience building and leading security programmes in complex, regulated, and technology-enabled environments — ideally within financial services or enterprise software
- Strong judgment, credibility, and the ability to balance risk management with business enablement and product velocity
- Bachelor's degree required; advanced degree or relevant certifications (e.g. CISSP, CISM, CSSLP) preferred
Our Values
- Client Connected
- Human Centered
- Technology Forward
- Respect + Integrity
- Excellence
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search