Headquartered in Houston, Texas, Motiva refines, distributes, and markets petroleum products throughout the Americas. The company’s Port Arthur Manufacturing Complex in Port Arthur, TX, is comprised of North America’s largest refinery with a total throughput of 720,000 barrels per day, the world’s second largest lubricants plant, and an integrated chemical plant. Under exclusive long-term brand licenses with Shell and Phillips 66 (for the 76® brand), Motiva’s commercial operations supply more than 12 billion gallons of fuel to customers annually. Motiva is wholly owned by Aramco, one of the world’s largest integrated energy and chemicals companies.

Position Overview:

Reporting directly to the Vice President, Controller, and Enterprise Risk, the Chief Information Security Officer (CISO) at Motiva holds oversight over the organization's IT and OT enterprise information security programs.

Motiva seeks a cybersecurity leader to spearhead the implementation and management of the company's strategic security roadmap, governance, risk management, security operations, and security engineering functions across both Information Technology (IT) and Operational Technology (OT) domains. The CISO will play a pivotal role in driving cross-functional initiatives aimed at fortifying Motiva's cyber and information security program, providing expert knowledge and technical guidance. Continuously enhancing the program's maturity, the CISO will collaborate effectively to ensure Motiva's information security posture is future-ready, proactively identifying and mitigating current and potential risks, threats, and vulnerabilities.

As a key member of the VP, Controller, and Enterprise Risk Leadership Team, the CISO will work alongside peers to advise executive management on determining acceptable risk levels for the organization. Upholding Motiva's information security policies, the CISO will oversee processes safeguarding the privacy, accuracy, and accessibility of information concerning Motiva's clients, vendors, employees, and business operations. Proficient in business dynamics and well-versed in information protection and privacy laws, the ideal candidate will demonstrate the ability to work autonomously and collaborate with diverse stakeholder groups to uphold Motiva's secure environment.

• Provide overarching leadership and guidance to the Information Security organization, overseeing security operations, engineering, governance, risk management, compliance, operational technology, and related teams.
• Identify, report, and manage computer security incidents; promptly detect and communicate cyber threats; continuously monitor threats and implement appropriate preventative measures against security breaches.
• Direct and authorize the design of security systems; offer recommendations for enhancing existing and new security hardware, software, or associated tools.
• Establish a strategic framework to guide annual security investment decisions, incorporating sustainable metrics to measure performance and outcomes effectively.
• Uphold and enforce information system risk management and information security risk management framework and methodology; review and endorse information security policies, controls, and cyber incident response plans.
• Develop a comprehensive corporate education program to proactively educate the user community; collaborate on conducting annual mandatory information security awareness programs to alert employees to information security protocols and best practices.
• Ensure compliance with evolving laws and regulations, translating regulatory knowledge into actionable plans to mitigate potential risks and safeguard the enterprise.
• Provide regular briefings to the executive team on security status and risks; advocate for the overall security strategy and necessary budget allocation; disseminate security and risk management best practices across all business functions.
• Support routine security audits; engage with audit teams to address findings and facilitate resolutions.
• Interface with regulators as needed to ensure compliance with information security, data protection, and privacy laws or regulations.

• Possession of a professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent.
• Familiarity with common information security management frameworks including SOC 2, ISO/IEC 27001, ITIL, COBIT, and standards from NIST.
• Understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX) and General Data Protection Regulation (GDPR).
• Minimum of 5 years of audit experience.
• Demonstrated advanced proficiency in IT systems security and technical security threats.

We reserve the right to amend or withdraw Motiva jobs at any time, including prior to the closing date. Depending on qualifications, the successful candidate may be offered a position at a more appropriate level and/or grade.

Applicants for regular U.S. positions must be authorized to work in the United States for Motiva Enterprises LLC without the need for sponsorship of an immigration authorization or visa (for example, TN, H-1B, or other employment-based immigration authorization or visa).

Motiva participates in E-Verify.

All qualified applicants will receive consideration for employment without regard to race, color, sex, national origin, age, religion, disability, sexual orientation, gender identity, protected veteran status, citizens

Our mission at Point is to make homeownership more valuable and accessible to all. Every day, we explore, build, and iterate to create innovative financial products that improve the lives of our customers. Together, we’re creating the premier full-stack home equity platform to help current homeowners access their home wealth and aspiring ones realize their dream of homeownership. Point has raised over $180M from Andreessen Horowitz, WestCap, Prudential and other leading investors.

Point seeks a driven, dynamic Head of Information Security to build and lead a comprehensive information security program and team. You will be establishing and maintaining an organizational-wide information security management program, collaborating with business stakeholders to drive initiatives in an exciting, fast-paced environment. As a strategic advisor, you will guide Point’s security posture and manage all aspects of Point’s information security program to ensure compliance with industry standards.

• Develop and maintain an information security strategy that aligns with organizational priorities, business objectives, regulatory requirements, and evolving risks, threats, and vulnerabilities.
• Grow and lead a highly skilled team managing and supporting security activity while overseeing the day-to-day relationships and activities.
• Implement and monitor a risk-based information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information owned, controlled, and processed by the company.
• Review vendor contracts to ensure they meet security requirements.
• Oversee information security audits.
• Respond to external information security questionnaires.
• Partner with business units to ensure that risk management processes and security standards are understood and consistently applied across the company.
• Manage incident response plans and procedures as well as any security incidents and events.
• Evaluate security controls and opportunities for improvement and communicate recommendations to the executive team.
• Maintain a high degree of knowledge of current and proposed security changes impacting regulatory, privacy, and security industry best practice guidance.
• Develop and manage information security training and awareness across the company.

• Bachelor’s degree preferred in computer science, information assurance, MIS, or related field.
• At least 15 years of experience with 10 years of cybersecurity or information technology experience, preferably in the consumer financial industry.
• CISM or other industry security management certification.
• CISSP or other industry cybersecurity certification.
• Strong ability to identify needs, take initiative, and prioritize work efforts, balancing operational tasks with longer-term strategic security efforts.
• Ability to remain credible with the team and external constituents through sustained industry knowledge.
• Strong knowledge and understanding of information security management frameworks and various regulatory requirements such as SOC 2, NIST, SOX, and GLBA.
• Excellent project management, written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences at various levels, ranging from investors to engineers.
• Demonstrated experience and success in senior leadership roles in risk management and information security.

Generous health benefits

• We provide medical, dental, and vision plans with options for flexible spending accounts (FSA) and health savings accounts (HSA). Point covers 99% of employee medical, dental, and vision premiums.

Unlimited paid time off

• Recharge with unlimited paid time off and 10 company holidays.

Flexible remote & onsite work

• Our teams work from many different locations and time zones. We support fully remote work and also have an amazing in-person environment in our downtown Palo Alto, CA HQ.

Fully paid parental leave

• Point will true-up wages from state-applicable PFL earnings so that the employee’s total gross pay will be equivalent to 100% of their regular base pay, as well as two weeks of fully paid leave to be available after exhaustion of state PFL.
• For employees in states without Paid Family Leave, Point will provide up to 8 weeks of paid parental leave.
• In addition, all employees will receive 4 weeks of fully paid transition time. For four weeks after returning from parental leave, and following the use of all other paid leave benefits, you may work part-time, meaning two or three days per week, and receive 100% of regular base pay.

Financial wellness

• We provide 401K retirement plans for employees as well as guaranteed life insurance and short- and long-term disability coverage. Full-time employees have the opportunity to take ownership in the company through equity options.

Extra work/life benefits

• We provide monthly stipends for internet, mobile plans, and a one-time home office reimbursement.

Point is proud to be an equal-opportunity employer. We provide employment opportunities regardless of age, race, color, ancestry, national origin, religion, disability, sex, gender identity or expression, sexual orientation, veteran status, or any other protected class. Each individual at Point brings their own perspectives, work experiences, lifestyles, and cultures with them, and we believe that a more diverse team creates more innovative products, provides better services to customers, and helps us all grow and learn.

Compensation at Point will be determined by skills, experience, and geographic location. Point has identified the expected annual base salary range for roles at this level based on market by tiers (Region | Location | Market Range):

• Tier 1 | San Francisco Bay Area, New York, Los Angeles, & Seattle | $185,600 - 278,400
• Tier 2 | Chicago, Austin, Denver, Boston, Washington DC, San Diego | $160,800 - 241,200
• Tier 3 | All other US metro areas | $148,800 - 223,200

This does not include any other potential components of the compensation package, including equity, benefits, and perks outlined above. At the launch of each position, we benchmark compensation to the appropriate role and level utilizing competitive compensation data from various data sources as references. At the offer stage, we use the signal we received from our interviews coupled with your experience, location, and other job-related factors to determine final compensation.

Finzly is headquartered in Charlotte, NC, and was founded in 2012 by financial engineers whose mission is to create a modern, real-time, and responsive platform for bankers who need to break free from core limitations. Our initial success and wider adoption arrived after the introduction of our foreign exchange, trade finance, lending, digital banking, and branch banking solutions. Finzly is on a mission to free banks from their core banking systems and core-vendor limitations, by creating an Appstore ecosystem that empowers banks to launch new products and services instantly and easily. Finzly enables financial institutions to make smarter technology decisions while getting to market at fintech speed.

Recently, Finzly has won the “Best and Brightest Companies to Work For” of 2022 & 2023 and the “Best Parallel Core Technology” award at the NACHA Smarter Faster Payments Conference in 2023.

About the Role:

Finzly is currently seeking a highly motivated Chief Information Security Officer to join our dynamic team based in Charlotte, NC. We are in search of an individual who thrives in a fast-moving environment and contributes to a team that embraces continuous delivery practices and places a strong emphasis on enhancing the customer experience. This role entails extensive collaboration and teamwork across various teams and organizational boundaries, playing a pivotal role in engineering services that consistently exceed customer expectations.

Our ideal candidate is a self-driven individual who excels at multitasking and flourishes as part of a collaborative team. Furthermore, we are seeking someone who possesses a genuine enthusiasm for exploring cutting-edge technologies, driving innovation, and thriving in a startup environment. If you're passionate about being part of a forward-thinking team, we encourage you to apply.

• Build and maintain effective relationships with business and technology stakeholders. Partner with the stakeholders across the company to raise awareness of risk management concerns.
• Develop and enhance an information security management framework (such as ISO, SOC2, etc.)
• Assist with the overall business technology planning by providing a current knowledge and future vision of technology and systems.
• Mitigate the risks various security threats pose to the organization's mission and goals.
• Developing secure business and communication practices, objectives, and metrics.
• Ability to develop and interpret standards, policies, and procedures and analyze systems and procedures, write and review standards and procedures, handle multiple projects.
• Work with external audit firms to achieve and maintain compliance accreditations.
• Manage client security assessments and develop internal security training programs and maintain materials for end-users.
• Stay current on security practices, threat landscape, laws, and regulations.
• Knowledge of network security threats and ability to implement preventative controls including firewalls, access controls, authentication systems, intrusion detection systems, VPNs, cryptography, etc.
• Ability to resolve advanced security issues in diverse and fast-paced environments.
• The ability to build good relationships at all levels and across all business units and organizations, and the ability to influence stakeholders of all levels.

• Minimum of 10 years of experience in a combination of risk management, information security, and IT jobs.
• Advanced knowledge in the information security domain.
• Experience implementing an internal information security program preferred.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001/27002, and NIST.
• Experience with Zero Trust Security tools like Zscaler is desirable.
• Familiarity with security tools such as SecureFrame and KnowBe4 is a plus.
• Excellent written and verbal communication skills and high level of personal integrity
• Innovative thinking and leadership with an ability to lead and motivate cross-functional teams.
• Specific experience in Agile (scaled) software development practices.
• Experience with cloud hosting environments such as AWS, Azure, etc.
• Experience in implementing SOC2 compliance is an added advantage. Specific experience in Agile (scaled) software development practices.
• Experience with cloud hosting environments such as AWS and Azure.
• Experience in implementing a SOC2 compliance is an added advantage.
• A bachelor's degree in information systems, business administration or a technology-related field is required.
• Professional security management certification is essential.

What We Offer:

• Full Benefits Package - medical, dental and vision coverage with HSA option
• Healthcare FSA and Dependent Care FSA
• Company-paid Life Insurance
• Company-paid Long-Term Disability
• Paid Holidays and generous Paid-Time Off
• Stock Options
• 401k Savings Retirement Plan
• Short Term Disability, Critical Illness and Accident Insurance
• Wellness Programs including Employee Assistance Program
• Annual Cash Bonus and more!