Head of Risk & Security

The Role

Akoya is seeking a seasoned, hands-on Head of Risk & Security to lead and mature our cybersecurity, risk management, and IT governance functions as we scale our secure, API-driven open finance network.

This leader will serve as the operational backbone of Akoya’s security and risk programs — translating strategy into execution. You will lead and develop a team across security engineering, cyber operations, risk, compliance, and IT, while partnering closely with Engineering, Product, Legal, Customer Success, and Business Development.

This role is ideal for a builder — someone who has scaled capabilities in security and risk functions in startup or fintech environments and understands the unique demands of serving both:

• Financial Institutions (Data Providers) with rigorous regulatory and third-party risk requirements
• Fintechs and Data Recipients operating in agile, API-first ecosystems

You will play a critical role in protecting Akoya’s Data Access Network and Open Finance Solution while strengthening trust across our ecosystem of financial institutions and fintech partners.

Key Responsibilities

Risk Management

• Mature and execute Akoya’s enterprise risk management (ERM) framework.
• Develop and track key risk indicators (KRIs) aligned with business OKRs.
• Lead third-party risk management across fintech partners, vendors, and service providers.
• Conduct product risk assessments across new open finance capabilities.
• Support regulatory readiness related to CFPB Section 1033 and evolving open banking requirements.

Security & Cyber Operations Leadership

• Lead day-to-day execution of Akoya’s cybersecurity program across product, infrastructure, and corporate environments.
• Operationalize secure-by-design principles across SDLC in partnership with Engineering.
• Oversee vulnerability management, penetration testing, red teaming, and incident response.
• Drive continuous improvement of zero-trust cloud architectures (AWS-centric).
• Enhance monitoring, automation, and threat intelligence capabilities.

Compliance & Regulatory Alignment

• Own operational execution of SOC 2 Type II and other certifications.
• Ensure alignment with NIST, ISO 27001/27002, GLBA, SOX, PCI (as applicable).
• Partner closely with Legal and Product on regulatory interpretation and implementation.
• Respond to due diligence inquiries from financial institutions, fintechs, investors, and regulators.

IT Governance & Internal Controls

• Oversee corporate IT governance in partnership with the IT Systems Administrator (end-user security, device management, identity, remote access).
• Ensure strong IAM, endpoint protection, DLP, encryption, and secure collaboration tooling.
• Align IT and Security controls with remote-first operating model.

Team Leadership & Organizational Development

• Lead and mentor security engineers, risk analysts, and IT personnel.
• Build scalable team structure aligned with growth in API volume and institutional adoption.
• Foster a strong security culture where accountability and transparency are embedded across functions.
• Act as a senior advisor to ELT.

Ecosystem Trust & External Engagement

• Interface directly with security and risk leaders at major financial institutions and fintech clients.
• Support sales and customer conversations requiring deep technical credibility.
• Represent Akoya in industry forums and working groups (e.g., FDX-aligned initiatives).

Qualifications

Not all applicants will have skills that match a job description exactly. Akoya values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or has not followed a traditional path, do not let that stop you from considering Akoya. We are always looking for people who will bring something new to the table!

Required Experience/skills

• 12+ years in enterprise risk, cybersecurity, or information security.
• 5+ years leading risk/security teams in fintech, SaaS, or regulated environments.
• Experience building or scaling security programs in startup or high-growth organizations.
• Deep cloud security expertise (AWS required; multi-cloud a plus).
• Strong hands-on knowledge of:
• • Zero-trust architecture
  • Secure SDLC
  • Threat modeling
  • Vulnerability management
  • Incident response
• Demonstrated ownership of SOC 2 and regulatory audits.
• Experience working with both:
• • Regulated financial institutions (bank-side risk expectations)
  • Fintechs or API-based SaaS platforms (data recipient expectations)

Preferred Experience/skills

• Experience in open banking / open finance ecosystems.
• Familiarity with FDX standards and OAuth/OIDC-based authentication models.
• Certifications such as CISSP, CISM, CRISC, or equivalent.
• Experience briefing executives or board-level stakeholders.

Akoya is an equal-opportunity employer.

This remote position is only available to individuals living in the greater Boston, MA, New York City, NY and Raleigh, NC areas. Candidates who do not live within these areas will not be considered for this role.