Head of Information Security
Smarkets
CFTC-Regulated Business Unit (DCM)
Location: Chicago, IL. Fully remote to start, transitioning to 3 days/week in office.
About Smarkets
Smarkets is a prediction market exchange for sports and political trading that has handled over $50 billion in volume since 2010. We are upending the sports betting industry by growing a platform that offers the best value for traders, with not only the fairest prices but also the best technology, alongside a superior customer experience.
We believe the foundation of our success is attracting the best people to our organisation and creating a high-performance environment where they can thrive. We are searching for an atypical candidate with a wealth of regulated business experience to support the development of our CFTC business.
The Role
This is a senior security leadership role sitting within our CFTC-regulated business unit, responsible for the information security, cybersecurity, and operational resilience of our Designated Contract Market (DCM). You will design and enforce the policies and controls that protect the confidentiality, integrity, and availability of our critical systems and data, in alignment with Core Principle 20 (System Safeguards) under 17 CFR § 38.1050 et seq. This is a founding build: our licensing applications are in-flight and you will stand up the security programme through to go-live, then operate and mature it as the business scales. You will lead efforts to identify and mitigate cyber and physical threats, coordinate incident response, and ensure the DCM can continue operating under stress, working closely with engineering, risk, and compliance, including our UK-based teams, to embed security across the software development life cycle and infrastructure. You will work directly with the CEO and senior management, with the support of the Smarkets UK team behind you.
About You
Senior security leader with 7+ years of senior-level information security experience, ideally within financial services, exchange infrastructure, or critical regulated systems.
Demonstrated leadership in implementing cybersecurity, compliance, and resilience programmes in high-risk environments.
Deep familiarity with CFTC expectations around system safeguards, including Core Principle 20 and 17 CFR § 38.1050 et seq.
Direct experience with security and risk assessments, incident response planning and execution, cybersecurity compliance audits (internal or regulatory), and disaster recovery and business continuity programmes.
Experience managing or working with geographically distributed engineering and infrastructure teams.
Strong understanding of security frameworks and secure software development practices.
Excellent communication and reporting skills, including for executive and regulatory audiences.
Responsibilities
Define and implement the DCM's information security vision, strategy, and programme, consistent with CFTC Core Principle 20 and industry-aligned best practice.
Lead risk identification, vulnerability management, and cyber threat mitigation across all DCM technology assets.
Ensure the design and enforcement of security controls across infrastructure, software development, vendor relationships, and end-user operations.
Own the incident response framework, including procedures for detection, containment, reporting, recovery, and root cause analysis.
Direct the business continuity and disaster recovery programmes, ensuring systems and teams can operate during disruption.
Prepare and maintain system safeguards documentation, audit logs, penetration tests, and other evidence for CFTC oversight and examinations.
Serve as the executive lead for cybersecurity audits, control testing, and CFTC technology compliance.
Collaborate with engineering, DevOps, product, and risk to ensure secure-by-design development and deployment, including across UK-based teams.
Regular