F2 Deputy CISO Governance, Risk, & Compliance

Novi Financial | Menlo Park, CA - Washington, DC


About Novi

Facebook Financial (F2) is the newest business division of Facebook (FB), leading all things related to financial services at Facebook, including Facebook Pay and the Novi digital wallet. We’re seeking deeply experienced security leadership talent to help enable and safeguard financial services at a truly global scale. The F2 Security Program is simultaneously responsible for (a) enabling the business to achieve its goals at scale and pace; (b) safeguarding the business against real-world security risks; and (c) addressing the regulatory scrutiny the business faces. Our goal is to make FB and F2 the premier place to work for cyber security, information security, and security engineering professionals. The F2 Deputy Chief Information Security Officer (D/CISO), Governance, Risk and Compliance is a key leadership role managing F2’s framework of policies, procedures, and processes that enforces security objectives across all domains to prevent regulatory infractions and inconsistent application of security.


  • Provide consideration of and guidance on regulatory matters and mitigate uncertainty

  • Ensure adherence to defined standards in order for F2 to maintain legal and regulatory compliance

  • Implement both independent testing of F2 controls and an ERM interface to improve the organization’s risk posture

  • Identify and analyze F2 information security, business continuity, and privacy risks and determine safeguards to reduce an incident’s probability of occurrence and impact

  • Establish a system of indicators for F2 to evaluate overall current risk at a glance for executive review and decision-making

  • Develop a method for managing exceptions to F2 compliance standards, including remediation/review cycles, sign-off requirements, and reporting

  • Facilitate effective security management and evaluate FB security governance controls for the FB infrastructure that F2 relies on

  • Direct experience leading GRC organizations responsible for risk and control self-assessments, defining and tracking KPIs, a risk quantification framework, a security exceptions process, independent control testing, and standards compliance

  • Support business travel on an as-needed basis (up to 20%)

Minimum Qualifications

  • Experience moving seamlessly from strategy to execution and delivering tangible results.

  • Experience consistently and effectively defending their ideas and solutions.

  • Experience analyzing risk within the context of business and technology problems.

  • 10+ years of experience in information security, cybersecurity, and/or technology risk, including experience leading architecture, engineering, operations, testing, and authentication and access management.

  • Familiarity with compliance frameworks and regulatory requirements, including NIST, ISO-2700, PCI compliance, and MTL licensing requirements.

  • Communication, facilitation, leadership, delegation, and presentation skills, including demonstrated success in regulatory interactions.

  • Problem-solving and troubleshooting skills.

  • Leadership and management experience leading 100+ FTE technical organizations.

  • Must obtain work authorization in the country of employment at the time of hire and maintain ongoing work authorization during employment.

Preferred Qualifications

  • Engineering or technical BSc degree, with an advanced degree preferred.

  • Experience supporting offensive and/or defensive government-sponsored cybersecurity operations. Current or former holder of US national security clearance(s) preferred.


© 2021, Novi Financial, Inc. or its affiliates. All rights reserved. NMLS ID # 1832154.