Vice President, Chief Information Security Officer (CISO)

Position Overview

The Vice President, Chief Information Security Officer (CISO) is responsible for establishing and leading the enterprise-wide strategy and vision for information security across Upbound. This executive-level role ensures the confidentiality, integrity, and availability of digital assets, data, and technology infrastructure by proactively assessing threats, setting strategic direction, and implementing robust security frameworks and architectures. The CISO is a trusted advisor to the executive leadership team and the Board of Directors on cybersecurity risk and compliance matters and is Upbound’s primary authority on information security.

The CISO is an executive-level position that reports directly to the Executive Vice President, Chief Technology Officer and serves as a key executive leader. This position is responsible for the oversight, development, implementation, and maintenance of Upbound’s information security strategy and governance framework. The CISO leads cross-functional efforts to assess risk, ensure compliance with industry standards, and protect Upbound’s mission-critical systems, sensitive member data, and confidential financial information. This role requires an accomplished leader with strategic foresight, deep cybersecurity acumen, and the ability to navigate and influence at the highest levels. The CISO builds collaborative relationships across business units, drives cultural change regarding cybersecurity awareness, and leads the company in responding to emerging threats in an ever-evolving threat landscape.

Key Responsibilities

• Lead the development, implementation, and continuous improvement of a long-term, risk-based cybersecurity strategy aligned with Upbound’s mission, vision, values, and business goals

• Define and lead Upbound’s cybersecurity strategy for Artificial Intelligence (AI), including AI governance, secure AI adoption, and risk management for AI-enabled products, platforms, and business processes

• Establish and oversee a DevSecOps program, embedding security controls, automation, and assurance into the software development lifecycle (SDLC), CI/CD pipelines, and cloud engineering practices

• Serve as Upbound’s executive authority on cybersecurity matters, providing strategic guidance to the Board of Director’s, executive leadership, and other stakeholders

• Build and oversee a governance structure that includes policies, standards, guidelines, and procedures that align with industry frameworks (e.g., NIST, ISO, COBIT).

• Direct enterprise-wide security risk assessments, gap analyses, and audits, ensuring the timely mitigation of identified vulnerabilities and risks

• Lead the creation, implementation, and testing of the enterprise Cybersecurity Incident Response Plan (CSIRP), and oversee forensics, investigations, and post-incident reviews

• Oversee compliance efforts related to privacy, regulatory mandates, and cybersecurity frameworks

• Foster a cybersecurity-aware culture across all levels of the organization through ongoing education, training, and communication strategies

• Direct the implementation of advanced security technologies, including threat intelligence platforms, security orchestration, and automated response tools

• Actively monitor the external threat landscape and anticipate shifts in regulatory or operational risks to proactively safeguard Upbound’s infrastructure

• Lead the security architecture function, ensuring that all new and existing systems are designed with appropriate security controls and protocol

• Develop, mentor, and retain top cybersecurity talent and manage vendor and third-party relationships to ensure delivery of critical security services

• Collaborate with business leadership to integrate cybersecurity into enterprise projects, digital transformation efforts, and vendor procurements

• Prepare and present cybersecurity updates, threat intelligence briefings, and annual security reports to executive leadership and the Board of Directors

• Develop and manage the cybersecurity annual strategic plan and operating budget

Qualifications

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field

• Master’s degree (MS, MBA, MPA) highly desirable

• Ten (10) years of progressively responsible experience in cybersecurity and information technology, including at least five (5) years in a senior leadership or executive-level role

• Proven experience in designing and managing enterprise-wide security programs, policies, and risk mitigation initiatives

• Demonstrated expertise in compliance, data privacy laws, risk management, incident response, and security frameworks

• Certifications such as CISSP, CISM or CISA preferred

Knowledge

• Executive-level leadership, strategic planning, and governance practice

• Enterprise risk management methodologies and cybersecurity frameworks

• Emerging technologies (e.g., AI, blockchain, zero trust) and their cybersecurity implications

• Security architecture and engineering, cloud security, endpoint protection, and encryption standards

• Business continuity and disaster recovery planning

• Procurement and contract negotiation for security technologies and services

Skills/Abilities

• Plan, organize, and manage cyber security infrastructure development, operations, and support

• Communicate complex security concepts clearly to both technical and non-technical audiences

• Inspire, manage, and grow a high-performing cybersecurity team

• Build an enterprise security architecture aligned with business strategy

• Develop policies and practices that balance security with operational efficiency

• Remain calm under pressure and make decisions during high-impact incidents

• Manage and prioritize multiple projects while maintaining a high standard of professionalism, confidentiality, and ethical conduct

• Exercise sound judgment, maintain confidentiality, and act with integrity and professionalism