F2 Deputy CISO, Security Engineering, Threat Prevention, & Development

Novi Financial | Menlo Park, CA - Washington, DC

About Novi

Facebook Financial (F2) is the newest business division of Facebook (FB), leading all things related to financial services at Facebook, including Facebook Pay and the Novi digital wallet. We’re seeking deeply experienced security leadership talent to help enable and safeguard financial services with a truly global scale. The F2 Security Program is simultaneously responsible for (a) enabling the business to achieve its goals at scale and pace; (b) safeguarding the business against real-world security risks; and (c) addressing the regulatory scrutiny the business faces. Our goal is to make FB and F2 the premier place to work for cyber security, information security, and security engineering professionals.

The F2 Deputy Chief Information Security Officer (D/CISO) / Security Chief Technology Officer (CTO) / Director Security Engineering is a key leadership role leading the future of security for a financial services company with truly global scale. This includes maintaining a secure software development life cycle (SDLC) process, cryptographic protections, capacity/performance management, and threat prevention. The objective is to ensure that cybersecurity is incorporated into the intent of our development lifecycle and engineering processes. This role works most closely with the F2 product and engineering teams, the central FB security team, and FB enterprise engineering.

Responsibilities

  • Integrate security activities and security intent into the SDLC to reduce the impact of vulnerable deployments.

  • Identify and standardize the requirements for policy, and design config changes.

  • Design and manage systems, processes, and tools to improve system security and mitigate risks to the environment.

  • Create and maintain tools and services to improve F2’s ability to meet security objectives. Implement security process automation to improve consistency and efficiency across F2 security processes.

  • Develop capabilities to integrate commercial security solutions into F2 processes and tools in order to most efficiently improve security posture.

  • Determine the appropriate amount of network resources to reduce the likelihood of any performance issues, improve consistency and quality, and be accountable for the reliability of F2’s services.

  • Manage network security processes and threat mitigation capabilities, including firewall management, intrusion prevention, DNS security, credential stuffing mitigation, and DDoS attack mitigation.

  • Define sensitive data stores and leverage tools/processes to protect the information from threats, leakage, and exposure with a focus on the confidentiality side of security.

  • Manage F2’s data via processes, policies, and procedures throughout its lifespan to protect from both internal & external threats, exfiltration, DLP, and integrity modeling.

  • Leverage cryptographic best practices to protect the confidentiality and integrity of sensitive F2 data.

  • Identify security requirements, potential threats/vulnerabilities, and quantify the criticality and prioritization.

  • Protect F2’s environment through policies and tools to reduce threat potential and impact.

  • Support business travel on an as-needed basis (up to 20%).

Minimum Qualifications

  • Experience moving seamlessly from strategy to execution and delivering tangible results.

  • Experience consistently and effectively defending ideas and solutions.

  • Experience effectively analyzing risk within the context of business and technology problems.

  • 10+ years of experience in information security, cybersecurity, and/or technology risk, including experience leading architecture, engineering, operations, testing, authentication and access management.

  • Familiarity with compliance frameworks and regulatory requirements including NIST, ISO-2700, PCI Compliance, and MTL Licensing requirements.

  • Knowledge in communication, facilitation, leadership, delegation, and presentation skills, including demonstrated success in regulatory interactions.

  • Problem-solving and troubleshooting experience.

  • Leadership and management experience leading 100+ FTE technical organizations.

  • Must obtain work authorization in country of employment at the time of hire, and maintain ongoing work authorization during employment.

Preferred Qualifications

  • Engineering or technical B.Sc. degree, with an advanced degree preferred.

  • Experience supporting offensive and/or defensive government-sponsored cybersecurity operations. Current or former holder of US National Security clearance(s) preferred.


Novi and the Novi logo are trademarks owned by Facebook, Inc. Other names and brands may be claimed as the property of others.

© 2021, Novi Financial, Inc. or its affiliates. All rights reserved. NMLS ID # 1832154.