Chief Information Security Officer

Why join Tipalti?

Tipalti is one of the world’s fastest-growing fintech companies. We free finance professionals to lead by modernizing the entire payables operation. We are a well-funded, late-stage start-up backed by high-profile investors. Our 2021 Series F funding round raised $270 million, valuing us at over $8.3 billion. With total funding of just over $550 million, and with more than 5000 global customers, Tipalti is one of the most valuable private fintech companies in the world.

At Tipalti, we pride ourselves on our collaborative culture, the quality of our product and the capabilities of our people. Tipaltians are passionate about the work they do, and keen to get the job done. Tipalti offers competitive benefits, a flexible workplace, career coaching, and an environment where diverse individuals can thrive and make an impact. Our culture ensures everyone checks their egos at the door and stands ready to reach for success together.

Founded in Israel in 2010, Tipalti is a global business with approximately 1,200 employees. We are headquartered in the San Francisco Bay Area (Foster City) with additional offices in Tel Aviv, Plano, Toronto, Vancouver, London, Amsterdam and Tbilisi.

About the Role

As Tipalti’s Chief Information Security Officer (CISO), you will own and lead all aspects of Information Security for Tipalti. Reporting to the CTO, you will lead and manage three teams which are individually responsible for Governance Risk and Compliance, Product Security and Security Operations.  As CISO, you will shape and execute our security strategy and roadmap, ensuring trust, resilience, and compliance at scale. You will grow and lead the security department and work closely with Tipalti leadership to balance business growth with risk management. Externally, you will represent Tipalti to customers, auditors, and regulators, reinforcing our commitment to security and trust. Above all, you will ensure that our customers, data, and operations remain secure as we scale. 

Overall Security Governance Strategy

• Define and execute the company-wide security strategy and roadmap
• Align security initiatives with Tipalti’s business objectives and risk appetite
• Report on security posture to company executives and te board

Security Operations

• Infrastructure Security - Collaborate with DevOps and IT teams to secure our infrastructure and cloud environment
• Endpoint Security - Protect employee devices and access points
• SaaS Security - Monitor and secure third-party SaaS applications
• Data Loss Prevention - Implement controls to prevent unauthorized data access, sharing, and exfiltration across systems and endpoints
• Identity and Access Management - Manage the company’s access policy and controls
• Threat Detection & Incident Response - Establish SIEM, threat intelligence, and forensic capabilities
• Incident Response - Respond to security events, conduct investigations, and lead mitigation efforts

GRC (Governance, Risk, and Compliance)

• Risk Management & Assessments - Perform regular risk assessments on Tipalti’s systems, processes, and infrastructure, and drive mitigation plans
• Certifications & Compliance - Maintain compliance with SOC 2, ISO 27001, DORA, NYDFS, and other regulations
• Audits & Regulatory Compliance - Lead security audits, manage interactions with external auditors, government agencies, and regulatory bodies
• Third-Party & Vendor Security Assessments - Conduct security evaluations of vendors and partners to ensure data protection standards are met
• Security Policies & Frameworks - Maintain and enforce company-wide security policies, ensuring cross-functional adoption

Product Security

• Secure Software Development Lifecycle (SSDLC) - Integrate security into our development processes, shift left on security through the entire product lifecycle
• Application Security & Penetration Testing - Manage the product security posture, oversee regular penetration tests, and drive vulnerability remediation
• API & Data Security - Secure API endpoints, implement best-practices and data protection controls
• Privacy & Compliance by Design - Ensure compliance with privacy regulations (GDPR, CCPA, etc.) in product development
• Customer Assurance & Trust - Manage security reviews, customer security questionnaires, and trust center

Security Culture & Leadership

• Lead and build the security team
• Create and roll out periodic security awareness training programs for employees
• Maintain a security-first culture through awareness programs, phishing simulations, and ongoing education
• Partner with business units across Engineering, IT, Legal, Compliance, and Operations to embed security across all functions

About You

• Bachelor's degree in Computer Science, Information Security, or a related field (Master’s or MBA is a plus)
• Professional certifications such as CISSP, CISM, CISA are strongly preferred.
• 15+ years of experience in Information Security, Cybersecurity, or similar roles
• 3+ years as a CISO or senior security leader in a fast-growing organization
• Experience securing SaaS solutions in cloud environments (AWS, Azure, GCP) - strong advantage
• Strong background in web application security (OWASP Top 10), DevSecOps, and SSDLC
• Hands-on experience with cybersecurity incident response, forensics, and crisis management
• Familiarity with encryption, data protection, privacy regulations (GDPR, CCPA, PCI-DSS, SOC 2, ISO 27001, etc.)
• Strong communication skills in both English and Hebrew - ability to convey security risks to technical and non-technical stakeholders
• Business- and data-oriented mindset - able to present security considerations in a structured, data-driven way that enables informed business decisions
• Ability to stay ahead of emerging cybersecurity threats, trends, and compliance requirements

Interested in learning more about us?

Tipalti is the only company handling both global partner payments and accounts payable workflows for high-velocity companies across the entire financial operations cycle: onboarding and managing global suppliers, instituting procurement controls, streamlining invoice processing and approvals, executing payments around the world, and reconciling payables data across a multi-subsidiary finance organization. Tipalti enables companies to scale quickly by making payables strategic with operational, compliance, and financial controls. Through Tipalti, our clients can efficiently and securely pay thousands of partners and suppliers in 196 countries within minutes. 

Tipalti is fueled by a commitment to our customers and a desire to build lasting connections. Our client portfolio includes high-velocity businesses such as Amazon Twitch, GoDaddy, Roku, WordPress.com, and ZipRecruiter. We work hard for our 98% customer retention rate which is built on trust, reliability and innovation. Tipalti means we handled it" - a mission to which we are constantly committed.

Accommodations
Tipalti champions inclusive teams, in which every voice counts. We are committed to recruiting diverse candidates with varied personal experiences and abilities. We welcome applications from candidates belonging to historically underrepresented or disadvantaged groups, and maintain an equitable Talent Acquisition process that is free from discrimination.

As an equal opportunities employer, Tipalti complies with employment and human rights laws across the various jurisdictions in which we operate. Should you require reasonable adjustments or accommodations during the recruitment process, including access to alternate formats of materials, meeting spaces, or other accommodations that could better enable your full participation, please reach out to hr@tipalti.com for assistance.

Privacy
We are committed to protecting the privacy interests of job applicants and candidates. For more information about our privacy practices during our Talent Acquisition process, please refer to our Job Candidate Privacy Notice below:

Job Candidate Privacy Notice | Tipalti

www.tipalti.com/privacy/job-candidate-privacy-notice/