Title: Senior Lead, Cybersecurity (Paisly)
Dania Beach, FL, US, 33004
Position Summary:
The Senior Lead, Cybersecurity plays a critical role in the daily execution and supervision of Paisly’s security operations. This individual is the key hands-on technical leader responsible for safeguarding the company’s systems, data and customers within our cloud-native environment and extensive Software as a Service (SaaS) interconnectivity.
The ideal candidate is an experienced leader and technical expert, deeply proficient in Development, Security and Operations (DevSecOps) practices. This role ensures security controls are effectively applied, acting as the primary escalation point for operational security issues and focusing on implementing technical solutions that balance business agility with security imperatives.
Essential Responsibilities:
- Serve as a trusted security advisor to Paisly leadership, assisting with business decisions that include appropriate risk considerations.
- Develop and maintain key risk indicators to measure cybersecurity risk, presenting security threats to senior and technology leadership.
- In the future, this role will include the responsibility of leading a small team of security professionals while driving a collaborative, business-aligned security culture.
- Maintain hands-on experience with Google Cloud Platform (GCP) security services and design.
- Practical experience with containerization and orchestration (Docker, Kubernetes/GKE) and/or serverless environments (e.g., Cloud Functions, Cloud Run).
- Experience implementing identity and access management in GCP: Cloud Identity and Access Management (Cloud IAM), workload identity federation, Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).
- Experience conducting risk assessments, mapping controls to frameworks (National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), Center for Internet Security (CIS) Controls, ISO 27001), and communicating risk in business terms.
- Leverage the Adversarial Tactics, Techniques, and Common Knowledge (MITRE ATT&CK) framework to model threats, assess security control coverage against adversary tactics and enhance detection and response strategies.
- Participate in the security architecture review process to ensure that new products, services and infrastructure are designed and implemented with security built-in from the start.
- Enhance and oversee a data governance program, including data classification, encryption standards and Data Loss Prevention (DLP) strategies to protect sensitive information.
- Oversee the corporate threat intelligence program, translating intelligence from various sources into actionable defense improvements and proactive threat hunting.
- Proven ability to build and scale security processes in a growing organization.
- Partner with Engineering and Product teams to embed DevSecOps practices into CI/CD pipelines, including automated testing, secure builds and shift-left security.
- Oversee core security functions: incident response, vendor risk management, vulnerability management, identity and access management and security awareness.
- Ensure secure interconnectivity of Application Programming Interfaces (APIs), third-party integrations and cross-cloud data flows.
- Conduct and oversee tabletop exercises for disaster recovery, business continuity and incident response.
- Develop and track Key Performance Indicators (KPIs) and metrics to measure and report security performance and risk posture to Paisly and JetBlue leadership.
- Ensure compliance with applicable airline, financial, and data protection regulations (e.g., Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Regulation (GDPR), Sarbanes–Oxley Act (SOX)).
- Actively engage in security incident detection, investigation and remediation.
- Build and scale right-sized processes that balance agility with regulatory and enterprise standards.
- Other complex projects and duties as assigned.
Minimum Experience and Qualifications:
- Bachelor’s Degree; OR demonstrated capability to perform job responsibilities with a combination of a High School Diploma/GED and at least four (4) years of previous relevant work experience in Information Security, Computer Science, Business or a related field.
- Four (4) years of progressive Information Technology (IT) or security experience, with at least two (2) years in a direct security practitioner role.
- One (1) year experience leading cybersecurity teams.
- Hands-on experience with cloud-native environments such as Google Cloud Platform (GCP).
- Displayed knowledge of cloud security patterns (zero trust, Secure Software Development Life Cycle (SDLC), infrastructure as code security, DevSecOps).
- Proven ability to embed security into the software development lifecycle through DevSecOps practices, including automated security checks, infrastructure-as-code validation, and pipeline integration.
- Knowledge of security frameworks such as National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), International Organization for Standardization - Standard 27001 (ISO 27001), and Center for Internet Security (CIS) Controls.
- Excellent written and verbal communication skills, with the ability to translate technical risks into business terms.
- Proven ability to build and scale security processes from the ground up.
- Available for occasional overnight travel (10%).
- Must pass a ten (10) year background check.
- Must be legally eligible to work in the country in which the position is located.
- Authorization to work in the US is required. This position is not eligible for visa sponsorship.
Preferred Experience and Qualifications:
- Experience in technology, travel, retail, airline, or other regulated industry.
- Proven ability to work autonomously, set priorities and drive initiatives forward in a fast-paced environment.
- Experience operating within an affiliate or matrixed organizational model, balancing local business needs with enterprise security standards.
- Familiarity with container security, API security, identity & access management and zero-trust models.
- Proven ability to influence and drive technical security uplifts.
- One or more security certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certificate of Cloud Security Knowledge (CCSK), Certified Cloud Security Professional (CCSP), or similar.
- The use of ChatGPT or any other automated tool during the interview process will disqualify a candidate from being considered for the position.
Crewmember Expectations:
- Regular attendance and punctuality.
- Potential need to work flexible hours and be available to respond on short notice.
- Able to maintain a professional appearance.
- When working or traveling on JetBlue flights, and if time permits, all capable crewmembers are asked to assist with light cleaning of the aircraft.
Equipment:
- Computer and other office equipment.
Work Environment:
- Traditional office environment (hybrid flexibility may apply).
Physical Effort:
- Generally not required, or up to 10 pounds occasionally, 0 pounds frequently (Sedentary).
Nearest Major Market: Fort Lauderdale
Nearest Secondary Market: Miami