openashbyhqa16z
Deputy Chief Information Security Officer
Sardine
LocationUnited States
WorkplaceRemote
EmploymentFullTime
Posted2026-05-13T13:10:48.481+00:00
Last observed2026-06-16 14:52:49.045405
Job ida16z-sardine:ashbyhq:a6273e60-b562-4cb7-90b1-2abbe9cfd738
Who we are: We are a leader in fraud prevention and AML compliance. Our platform uses device intelligence, behavior biometrics, machine learning, and AI to stop fraud before it happens. Today, over 300 banks, retailers, and fintechs worldwide use Sardine to stop identity fraud, payment fraud, account takeovers, and social engineering scams. We have raised $145M from world-class investors, including Andreessen Horowitz, Activant, Visa, Experian, FIS, and Google Ventures. Our culture: - We have hubs in the Bay Area, NYC, Austin, Toronto, and São Paulo. However, we maintain a remote-first work culture. #WorkFromAnywhere - We hire talented, self-motivated individuals with extreme ownership and high growth orientation. - We value performance and not hours worked. We believe you shouldn't have to miss your family dinner, your kid's school play, friends get-together, or doctor's appointments for the sake of adhering to an arbitrary work schedule. Location: Remote, United States Travel: Approximately once every 1–2 months, primarily in North America, with some potential international travel ABOUT THE ROLE Sardine is hiring a Deputy Chief Information Security Officer to partner closely with our CISO and help scale our security program as we grow. This is a senior, high-impact role for a security leader who can operate across multiple areas, including application security, GRC, security operations, cloud and SaaS security, corporate IT, customer trust, and overall security strategy. You’ll serve as a trusted partner to the CISO, help identify and prioritize the highest-risk areas, and represent Sardine’s security program with internal teams, customers, prospects, auditors, and industry stakeholders. We’re looking for someone who is broad, pragmatic, technically fluent, and comfortable in customer-facing settings. The right person can balance strong security judgment with the pace and trade-offs of a fast-moving startup. WHAT YOU’LL DO - Partner with the CISO on Sardine’s overall security strategy, roadmap, priorities, and execution - Help identify, prioritize, and address the highest-risk areas across the business - Support security reporting, executive updates, budgeting, vendor evaluation, and planning - Partner on key compliance initiatives, including PCI, SOC 2, ISO 27001, DORA, and future FedRAMP readiness - Support incident response and act as a deputy incident lead when needed - Work closely with Engineering on application security, secure SDLC, vulnerability management, threat modeling, and remediation - Assess and improve security across cloud infrastructure, SaaS tools, IAM, endpoint management, and corporate IT systems - Bring strong AppSec fluency, including understanding how code moves from design through production, CI/CD, testing, SAST/DAST, dependency scanning, and secrets management - Partner with Product and Engineering on security considerations for AI/ML systems, bot mitigation, and abuse prevention - Support customer-facing security conversations, RFPs, due diligence, security reviews, and executive briefings - Help build trust with enterprise customers by translating technical security concepts into clear business language - Partner cross-functionally with Legal, Sales, Engineering, Product, People, and IT - Champion a pragmatic security culture that enables the business while managing risk WHAT WE’RE LOOKING FOR - 10–15+ years of cybersecurity experience, including 3+ years in a senior leadership or director-level role - Broad security background across multiple domains, not a single-specialty profile - Strong application security experience and ability to assess technical risk without needing to be hands-on coding daily - Experience operating in a startup, scale-up, or similarly resource-constrained environment where prioritization and pragmatism are critical - Ability to evaluate risk, stack-rank priorities, and focus on the highest-impact security work - Strong working knowledge of compliance frameworks such as
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.