SECTION I · THE BRIEF
Brief #95121Updated 22 APR 2026REMOTEGreenhouseSOFTWARE COMPANIES
Employbl Company Profile

Head of Risk & Security

Akoya is a financial service company creating a new API-based network enabling access to consumer financial data. It also connects financial accounts and fintech apps reliably with APIs through a single integration on…

Location
Remote
Company size
20–100
Posted
2mo ago
Via
Greenhouse
Section II · Premium ProfileMembers only
  • 01Comp band & equity packageLocked
  • 02Seniority & experience requirementsLocked
  • 03Interview process & rubricLocked
  • 04Hiring manager & team contextLocked
  • 05Growth trajectory in this roleLocked
  • 06Offer & decision timelineLocked

7-day free trial · $25/mo · cancel anytime

Akoya logo

Head of Risk & Security - Akoya

View Company Profile
Job Title
Head of Risk & Security
Job Location
Remote in Boston, New York, Raleigh Areas
Job Description

Meet the future

Akoya is an API-based network backed by major financial institutions that creates a safer and more transparent way for people to safely send their personal financial data to third-party financial apps. If you are inspired and fascinated by innovative technology that solves complex, real-world problems, then join us as we transform how financial data is accessed and shared. Akoya offers a highly collaborative, fast-paced, and fun working environment and our team is comprised of diverse, creative, and driven professionals with expertise in the banking, securities, fintech, and data aggregation industries. We are an equal opportunity employer. Come join us and be part of this exciting journey – check out www.akoya.com for more information!

The Role

Akoya is seeking a seasoned, hands-on Head of Risk & Security to lead and mature our cybersecurity, risk management, and IT governance functions as we scale our secure, API-driven open finance network.

This leader will serve as the operational backbone of Akoya’s security and risk programs — translating strategy into execution. You will lead and develop a team across security engineering, cyber operations, risk, compliance, and IT, while partnering closely with Engineering, Product, Legal, Customer Success, and Business Development.

This role is ideal for a builder — someone who has scaled capabilities in security and risk functions in startup or fintech environments and understands the unique demands of serving both:

  • Financial Institutions (Data Providers) with rigorous regulatory and third-party risk requirements
  • Fintechs and Data Recipients operating in agile, API-first ecosystems

You will play a critical role in protecting Akoya’s Data Access Network and Open Finance Solution while strengthening trust across our ecosystem of financial institutions and fintech partners.

Key Responsibilities

Risk Management

  • Mature and execute Akoya’s enterprise risk management (ERM) framework.
  • Develop and track key risk indicators (KRIs) aligned with business OKRs.
  • Lead third-party risk management across fintech partners, vendors, and service providers.
  • Conduct product risk assessments across new open finance capabilities.
  • Support regulatory readiness related to CFPB Section 1033 and evolving open banking requirements.

Security & Cyber Operations Leadership

  • Lead day-to-day execution of Akoya’s cybersecurity program across product, infrastructure, and corporate environments.
  • Operationalize secure-by-design principles across SDLC in partnership with Engineering.
  • Oversee vulnerability management, penetration testing, red teaming, and incident response.
  • Drive continuous improvement of zero-trust cloud architectures (AWS-centric).
  • Enhance monitoring, automation, and threat intelligence capabilities.

Compliance & Regulatory Alignment

  • Own operational execution of SOC 2 Type II and other certifications.
  • Ensure alignment with NIST, ISO 27001/27002, GLBA, SOX, PCI (as applicable).
  • Partner closely with Legal and Product on regulatory interpretation and implementation.
  • Respond to due diligence inquiries from financial institutions, fintechs, investors, and regulators.

IT Governance & Internal Controls

  • Oversee corporate IT governance in partnership with the IT Systems Administrator (end-user security, device management, identity, remote access).
  • Ensure strong IAM, endpoint protection, DLP, encryption, and secure collaboration tooling.
  • Align IT and Security controls with remote-first operating model.

Team Leadership & Organizational Development

  • Lead and mentor security engineers, risk analysts, and IT personnel.
  • Build scalable team structure aligned with growth in API volume and institutional adoption.
  • Foster a strong security culture where accountability and transparency are embedded across functions.
  • Act as a senior advisor to ELT.

Ecosystem Trust & External Engagement

  • Interface directly with security and risk leaders at major financial institutions and fintech clients.
  • Support sales and customer conversations requiring deep technical credibility.
  • Represent Akoya in industry forums and working groups (e.g., FDX-aligned initiatives).

Qualifications

Not all applicants will have skills that match a job description exactly. Akoya values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or has not followed a traditional path, do not let that stop you from considering Akoya. We are always looking for people who will bring something new to the table!

Required Experience/skills

  • 12+ years in enterprise risk, cybersecurity, or information security.
  • 5+ years leading risk/security teams in fintech, SaaS, or regulated environments.
  • Experience building or scaling security programs in startup or high-growth organizations.
  • Deep cloud security expertise (AWS required; multi-cloud a plus).
  • Strong hands-on knowledge of:
    • Zero-trust architecture
    • Secure SDLC
    • Threat modeling
    • Vulnerability management
    • Incident response
  • Demonstrated ownership of SOC 2 and regulatory audits.
  • Experience working with both:
    • Regulated financial institutions (bank-side risk expectations)
    • Fintechs or API-based SaaS platforms (data recipient expectations)

Preferred Experience/skills

  • Experience in open banking / open finance ecosystems.
  • Familiarity with FDX standards and OAuth/OIDC-based authentication models.
  • Certifications such as CISSP, CISM, CRISC, or equivalent.
  • Experience briefing executives or board-level stakeholders.

Akoya is an equal-opportunity employer.

This remote position is only available to individuals living in the greater Boston, MA, New York City, NY and Raleigh, NC areas. Candidates who do not live within these areas will not be considered for this role.

 

The actual base pay offered may take into account the candidate's work location, relevant education, job-related knowledge, skills, and experience, among other factors.
Hiring Range:
$160,000$200,000 USD

Get the Saturday tech briefing

New company profiles, funding moves, and who’s hiring across the market — every Saturday morning.

Akoya Headquarters Location

Boston, MA

View company profile

Akoya Company Size

Between 20 - 100 employees

Akoya Founded Year

2018

Akoya Funding Rounds

View funding details