Fractional CISO

About Peach

Peach is a modern loan management and servicing platform empowering lenders to launch and scale new lending programs. We provide a fully integrated, configurable system of record with API-first architecture, enabling lenders to bring products to market quickly while maintaining full compliance and operational efficiency.

Peach is a rapidly scaling B2B SaaS platform. We are on a mission to scale to $100M ARR in the next few years. As we enter this next chapter, marketing will play a critical role in shaping our market position, amplifying our voice, and driving accelerated growth.

The Role

We’re looking for a hands on CISO that will help us lead, architect and implement and maintain our information security program. Lead our security architecture, cyber planning, define and implement security policies and procedures.

Join a small team of experts and make a huge impact on the rapidly growing industry. \n

What You'll Do Assess and identify security controls for sensitive and regulated data; refine and oversee compliance programs aligned with regulatory and international standards (e.g., ISO27001, SOC2). Prepare and present accurate and timely information in response to audits and inquiries; institutes a proactive culture to align activities and measurement with internal policy and regulatory requirements. Develop and drive implementation of a short and long term security strategy and goals in alignment with Peach's business objectives and culture. Oversee information security in enterprise IT infrastructure and in deployment and management of enterprise applications. Secure operations involving Engineering, and development operations, requiring connectivity and integration with third party partners. Responsible for the 24 x 7 x 365 Security Operations Center and accountable for availability of global security systems including monitoring, vulnerability management and other information protection capabilities. Perform gap analysis of current state versus industry best practices. Act as a Subject Matter Expert ('SME') and liaison for all InfoSec teams during discussions on technical architecture and design reviews; provides input, feedback, advice, and guidance. Manage communications with security leaders from clients and partner organizations. Oversee management of information security tools, contracts, documentation, standards, and processes to ensure an operating environment that is sound, sustainable, and compliant with company policies and requirements. Identify and classify risks related to new implementations or existing infrastructure and application solutions and provision of guidance for remediation. Establish and enhance Policies and Procedures to ensure the following of security best practices and compliance. Evolve Peach's capability to monitor threats and vulnerabilities as well as detect, investigate, respond to, and recover from incidents.

Who You Are 7+ years of enterprise information security or relevant technology experience. 2+ years experience leading a team of InfoSec/cybersecurity professionals.A breadth of hands-on and senior leadership experience in security, engineering, or IT management. In-depth understanding and management of global information security, and security technologies such as intrusion detection and content filtering, threat patterns, security architecture, application architecture, and compliance criteria. Thorough understanding of SDLC and Application Security Policies, Design and Documentation. Ability to communicate, interpret Infosec and playback requirements to a non-technical security team (ie non-functional requirements). Thorough understanding of Risk Management principles (Risk Register, Cyber risks etc). Fundamental understanding of Incident Management and Security Operations. Experience with cryptography, ethical hacking, computer forensics, information assurance, and intrusion detection and prevention methodologies. Experience securing and navigating cloud platforms, such as GCP or AWS platforms. Knowledge of common operating systems (e.g. Windows, Mac OS, etc.), endpoint security principles, networking services and protocols; understanding of security technologies (IDS, firewalls, SIEM), cloud security monitoring technologies and the desire to remain technically hands-on, but also operate on a strategic level. Excellent communication skills, especially the ability to communicate security and risk-related concepts to technical and non-technical audiences. Ability to understand the business context and technology challenges and handle uncertainty and apply appropriate security solutions in response to multiple risks and needs. Deep knowledge of relevant security and compliance frameworks, standards, and regulations (such as SOC2, NIST, COBIT, ISO270xx). Exceptional interpersonal, oral, and written communication skills. Capable of listening and obtaining clarification, changing approach or method to best fit the situation. Able to effectively partner with cross-functional teams to coordinate activities and accomplish goals. Ability to clearly and succinctly communicate verbally and in writing, translating technical jargon to correspond with the audience's knowledge and understanding. Strong organizational skills, ability to coordinate multiple tasks and support projects of varying complexity concurrently. Established history of taking a thoughtful action-oriented approach for meeting the demands of multiple internal customer groups and operational needs. Natural problem solver; analytical and oriented towards diagnosis and remediation. Creative and proactive thinker; can employ a user mindset and generate solutions and proactive recommendations for optimal end user experience.

\n $120 - $144 an hour \n

U.S. Work Authorization Statement:

Peach is unable to sponsor or take over sponsorship of an employment visa (e.g., H-1B) for this role, now or in the future. All applicants must be currently authorized to work for any employer in the United States on a full-time, permanent, and unrestricted basis.

Important Note on Job Scams

At Peach, we are committed to ensuring a safe and secure recruitment process for all candidates. We are aware of the potential for fraudulent job postings and scams. Please be advised of the following:

Official Communication: All official communication from Peach regarding your application will come exclusively from a verified peachfinance.com email address. We will never use a generic email service (e.g., Gmail, Yahoo) or a messaging app like Telegram or WhatsApp for interviews or job offers.

Initial Interview Step: The first step of our interview process is always a scheduled phone call from our Senior Recruiter. We will not begin the interview process with an online chat, text message, or other non-standard methods.

Requests for Money: Peach will never ask for payment, personal financial details, or bank information as part of our recruitment process. Any such request is fraudulent and should be reported immediately. If you have any doubts about the authenticity of a job posting or communication, please check our official careers page at www.peachfinance.com/careers or contact us directly at our corporate website."

Peach Equal Employment Opportunity Statement

Peach is an Equal Opportunity Employer (EEO). We value diversity and are committed to creating an inclusive environment for all employees and applicants. We do not discriminate on the basis of any legally protected characteristics, including, but not limited to: Race, Color, National Origin, or Ancestry, Religion or Creed (including all aspects of religious belief, observance, and practice), Sex/Gender (including pregnancy, childbirth, or related medical conditions), Gender Identity or Gender Expression (including Transgender Status), Sexual Orientation, Physical or Mental Disability (including HIV/AIDS and Cancer), Age (40 and over), Marital Status, Genetic Information (including a refusal to submit to a genetic test), Veteran or Military Status (including uniformed service), Medical Condition (as defined under California law), Political Affiliation or Activity, Status as a Victim of Domestic Violence, Assault, or Stalking.

Employment decisions at Peach are based on merit, qualifications, and business needs. We prohibit retaliation against any person who files a complaint, assists with an investigation, or opposes discrimination.

We also make reasonable accommodations for qualified applicants and employees with disabilities or religious beliefs.