Flourish CISO

About the position We are seeking a hands-on, deeply technical, and strategic Chief Information Security Officer (CISO) to lead our cybersecurity program. As a "player-coach,” you will be responsible for setting the security vision and strategy while also rolling up your sleeves to architect and implement robust security controls. You will be the senior-most leader for information security, tasked with protecting our firm, our partners, and our clients across our diverse and highly regulated business lines. This is a critical leadership role for a security expert who thrives on building, securing, and scaling modern, cloud-native financial technology. Since 2017, Flourish has been on a mission to help financial advisors evolve from holistic advice to holistic implementation to more fully serve their clients and achieve better outcomes. We focus on independent Registered Investment Advisors (RIAs), delivering financial products that advisors can't easily access today through beautiful, scalable, and easy-to-use technology. Today, we work with over 1,000 RIAs that collectively represent more than $2.6T in assets under management across two products — Flourish Annuities and Flourish Cash — and with our recent acquisition of Sora Finance, we'll be adding a lending offering in 2026. Headquartered in New York City, we are an independently-operating, wholly-owned subsidiary of MassMutual Life Insurance Company. Read on if you are interested in joining a small, highly-collaborative, rapidly-growing startup—backed by the support and stability of a Fortune 500 company. Responsibilities • Security Strategy & Leadership: Develop, implement, and own the comprehensive information security and cyber-risk management strategy and roadmap for Flourish. • Technical Architecture & Engineering: Act as the lead technical security architect. In close partnership with our expert CloudOps team, you will conduct hands-on security reviews of our cloud infrastructure (AWS), applications, and CI/CD pipelines and drive the implementation of security controls across the entire technology stack. • DevSecOps Integration: Champion and embed security into the software development lifecycle (SDLC). Partner closely with Engineering and CloudOps teams to integrate security tooling (SAST, DAST, SCA) and best practices, fostering a true DevSecOps culture. • Risk & Compliance Management: Navigate and manage the complex regulatory landscape of a broker-dealer (FINRA, SEC), insurance agency (State regulations, NAIC), and lending business. Oversee all security compliance initiatives, audits, and regulatory examinations. • Client Trust & Sales Enablement: Serve as the key security stakeholder in the sales process. You will communicate directly with prospective and existing client firms, confidently articulating our security posture and controls to build trust and help win business. • Incident Response: Lead all aspects of the security incident response lifecycle, from preparation and detection to containment and post-mortem analysis. • Team Leadership: Build, mentor, and lead a high-performing team of security professionals. Foster a culture of continuous learning and proactive security awareness across the entire organization. • Executive Communication: Effectively communicate security posture, risks, and strategies to the executive leadership team, and key stakeholders. Requirements • 10+ years of related technical experience in Cybersecurity, preferably in a Cloud Environment • Bachelor's degree in Computer Science, Engineering, Cyber Security, or related field. 6 years of applicable experience can be considered in lieu of degree. • 5+ years of experience with Programming and Scripting Languages (Bash, Python, Powershell, and similar) • Either have a FINRA Series 99 or willingness to get a Series 99 within 180 days of joining • Experience managing a cyber security program and leading a cyber security team. • A consistent record of discovering, analyzing, and exploiting application vulnerabilities and misconfigurations on Windows and Linux platforms • The ability to work with stakeholders throughout the vulnerability lifecycle to communicate issues and provide remediation guidance • Expertise in reading, writing, and auditing Python, TypeScript, and Kotlin (or similar languages) and the ability to pick up new languages/technologies • Experience developing custom tools when necessary • Knowledge of ubiquitous encryption technologies (PGP, SSH, TLS, etc.) and common authentication protocols (OpenID Connect, SAML, RADIUS, LDAP, KERBEROS, etc.) • Subject matter expert in secure network design and system architecture • Experience leading or performing static and dynamic analysis on customer facing applications, websites, and large enterprise networks • Due to the nature of this position, as part of the background check process, candidates must be able to pass a fingerprint background check to qualify as a fingerprinted person under FINRA. • For roles requiring registration, additional regulatory screenings may apply, including a review of Form U5 disclosures and other relevant licensing information. Nice-to-haves • Experience securing corporate networks and VPNs. • Experience with Kubernetes. • Experience with Wireshark, nmap or other packet level inspection tools. • Some experience with log analysis (Splunk) and reporting- preferred. • Experience with infrastructure automation (Cloudformation, Terraform) and configuration management tools (Ansible, Chef, Puppet, and similar)-preferred. • Experience with security and systems administration in Windows and Linux based operating system environments. • Hands-on experience with DevOps and DevSecOps workflows. • Proficiency in using IDA Pro, Ollydbg/Immdbg, Windbg, Burp proxy, and other software analysis/debugging tools • Prior work as a consultant at a highly technical information security consultancy • Publicly disclosed vulnerabilities (CVEs) and open-source tools • A CISSP certification is strongly preferred; other certifications like CISM or CCSP are also highly desirable Benefits • At MassMutual, we focus on ensuring fair equitable pay, by providing competitive salaries, along with incentive and bonus opportunities for all employees. • Your total compensation package includes either a bonus target or in a sales-focused role a Variable Incentive Compensation component. • A career with MassMutual means you will be part of a strong, stable and ethical business with industry leading pay and benefits. • For more information about our extensive benefits offerings please check out our Total Rewards at a Glance. Apply tot his job