Chief Information Security Officer at YapStone
Walnut Creek, CA, US

Developing innovative technologies to revolutionize the payments industry while helping customers transact in global marketplaces is not for the faint of heart. We have big goals and are looking for people to join our team who want to leave a legacy. Just as you are committing to do your best work, Tom, our CEO, commits to making this the best place you’ve ever worked. It’s a partnership from the very beginning. If you are looking to step outside your comfort zone, learn new things, apply your skills, collaborate with brilliant people and have fun along the way, then you might be our next Yapster! We promise to provide you with an amazing journey along your career. At Yapstone, we don’t just accept difference — we celebrate it, we support it, and we thrive on it for the benefit of our employees. Yapstone is proud to be an equal opportunity workplace.

Are you a Security professional who is deeply curious, highly motivated, data-driven, emotionally intelligent, strategic, passionate about collaboration, and results-oriented?  Do you have strong skills in technology and business management?  Are you an effective educator, consultant, guide and leader?  If all of that sounds like you, Yapstone, located in Walnut Creek, California, is a licensed money transmitter seeking someone like you to be our new Chief Information Security Officer.  Reporting to the Chief Administrative Officer, the CISO will lead the information security program, be the chief security evangelist and proactively work with various Yapstone business units to ensure compliance with security requirements and best practices.

Primary Responsibilities

    Manage the enterprise's information security organization, consisting of direct reports and indirect reports. This includes hiring, training, staff development, performance management and annual performance reviews.

    Manage a comprehensive enterprise information security and risk management program for the Yapstone business, which operates in the cloud leveraging Amazon Web Services (AWS).

    Manage information security policies, standards and guidelines; oversee the approval, training, and dissemination of security policies and practices.

    Manage a risk-based process for vendor risk management, including the assessment and treatment of risks that may result from partners, consultants and other service providers.

    Provide regular reporting on the current status of the information security program to company senior business leaders as part of a strategic risk management program.

    Enhance information security management framework based on the following: International Organization for Standardization (ISO) 2700X, Sarbanes-Oxley Act (SOX), Payment Card Industry Data Security Standards (PCI DSS), Personally Identifiable Information (PII).

    Provide risk guidance for Product Engineering projects, including the evaluation and recommendation of technical controls.

    Liaise with the company’s development team to ensure alignment between the security and development practices.

    Liaise with Yapstone customers, clients, partners and stakeholders on security-related matters.

    Guide the company through internal and external audits, examinations and reviews related to security and participate in cross-functional teams in connection with regulatory and other audits and examinations.


    Bachelor's degree in business administration or a technology-related field, or equivalent work or education-related experience.

    Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) is desirable.

    Minimum of 7 years of experience in a combination of risk management, information security and Product Engineering roles. At least 4 years in a senior leadership role in security.

    Relevant experience managing security for companies that leverage cloud technologies such as Amazon Web Services (AWS) and / or offer platform as a service (PaaS) with security commitments to customers and partners.

    Relevant experience working in the payment industry with a deep understanding of regulatory frameworks such as ISO, SOX, GDPR, PII, PCI, etc. is highly desired.

    Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.

    Must be able to effectively liaise with internal direct reports and senior management as well as external customers, clients, partners and stakeholders.

    Must be a critical thinker, with strong problem-solving skills.

    Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX), the Payment Card Industry Data Security Standard (PCI DSS) and Personally Identifiable Information (PII).

    Strong project management, financial/budget management, scheduling and resource management skills.

    Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.