Director of Security Risk Engineering

The Opportunity:

As the Director of Security Risk Engineering, you will serve as a key senior leader working in direct partnership with the CISO to drive, shape, and mature Flywire's global enterprise security infrastructure and systems. In this role, you will bridge the gap between high-level security strategy and tactical engineering execution across six core domains: Application Security, AI Security, Cloud Security, Corporate Security, Security Operations (SecOps), and Red Teaming (Penetration Testing). 
In partnership with the internal stakeholder organizations, you will lead the organizational shift from technical recovery to global enterprise operational resilience, managing a highly impactful program that safeguards our global payment rails while fostering a culture of collaboration, innovation, and continuous improvement. A solid working knowledge of all aspects of cloud-native infrastructure, software applications, AI/LLM model development, governance & validation, and automated risk mitigation is required.
Responsibilities:

• Strategic Domain Leadership: Define, implement, and monitor a comprehensive security engineering strategy across Application Security, AI Security, Cloud Security, Corporate Security, Security Operations (SecOps/Incident Detection & Response), and Red Teaming (Penetration Testing), aligning initiatives with global business objectives and emerging financial threats.
• Team Management & Mentorship: Support the CISO to lead and manage the global security engineering organization, including hiring, training, mentoring, performance management, and budget oversight.
• Secure Architecture & Governance: Oversee the design and continuous improvement of secure architecture for systems, cloud infrastructure, networks, and applications, ensuring strict alignment with security best practices.
• Global Cross-Functional Collaboration: Partner with Business, Development, DevOps, Product, Program, Risk/Compliance, and IT leaders to seamlessly integrate security controls into all phases of the engineering and CI/CD lifecycle. Engage actively with external stakeholders, auditors and global regulators on related fronts.
• Advanced Cyber Risk Efficacy: Leverage AI and automated tooling to develop proactive measures, threat intelligence capabilities, and scalable defenses against vulnerabilities across all engineering domains.
• Adversarial / Penetration Testing: Personally adopt an attacker's mindset to identify complex attack chains, logic flaws, and zero-day vulnerabilities within financial platforms and product architectures.
• Incident Response & Operational Resilience: Direct and coordinate responses to critical enterprise security incidents, managing containment, forensic investigation, and rapid remediation efforts alongside SecOps.
• Regulatory Compliance Frameworks: Maintain an information security framework that ensures continuous readiness for strict industry audits and regulatory compliance requirements globally (e.g., NIST CSF 2.0, ISO 27001, PCI-DSS 4.0, DORA).
• Executive & Stakeholder Reporting: Define and maintain metrics that communicate security posture, program progress, and incident risk analysis to the CISO, senior executive leadership, and the Board.
• Innovation & Emerging Tech: Stay ahead of global fintech trends, adopting cutting-edge technologies and methodologies—specifically regarding secure AI deployment—to continuously strengthen the organization's security posture.