we are looking for an experienced, hands-on Chief Information Security Officer to build and lead our security strategy from the ground up. As a fast-growing mature privately held startup, we need a security leader who can balance strategic vision with roll-up-your-sleeves execution. This role is ideal for someone who thrives in dynamic environments and excels at owning and driving Information Security end to end. The CISO will report to the companys COO.
Key Responsibilities
Oversee our companys end-to-end information security program, ensuring the protection of data, systems, applications, and employees.
Build, lead, and scale a high-performing security team of 5+ professionals.
Develop and implement a comprehensive security strategy aligned with business goals, industry best practices, and regulatory requirements.
Define and monitor company wide security policies, standards, governance frameworks, and technical controls (e.g., firewalls, IDS/IPS, endpoint security).
Lead Governance, Risk, and Compliance (GRC), including risk assessments, vulnerability management, incident response, and maintenance of the organizational risk register.
Drive proactive security monitoring and threat management, including insider threats, phishing, social engineering, credential theft, and emerging risks.
Conduct regular security assessments and partner with business units to identify, prioritize, and remediate vulnerabilities.
Ensure readiness for internal and external audits; manage the audit process with agencies, auditors, customers, and stakeholders.
Select, implement, and manage security technologies, tools, vendors, and processes supporting the organizations security objectives.
Closely collaborate with the IT team, who will be responsible for executing the security policies.
Collaborate with DevOps and engineering teams to strengthen security posture and embed secure-SDLC practices.
Provide executive-level communication and reporting to leadership and the board regarding cybersecurity risks, investments, and priorities.
Develop and deliver organization-wide security awareness and training programs.
Manage the security budget and resources efficiently.
Key Responsibilities
Oversee our companys end-to-end information security program, ensuring the protection of data, systems, applications, and employees.
Build, lead, and scale a high-performing security team of 5+ professionals.
Develop and implement a comprehensive security strategy aligned with business goals, industry best practices, and regulatory requirements.
Define and monitor company wide security policies, standards, governance frameworks, and technical controls (e.g., firewalls, IDS/IPS, endpoint security).
Lead Governance, Risk, and Compliance (GRC), including risk assessments, vulnerability management, incident response, and maintenance of the organizational risk register.
Drive proactive security monitoring and threat management, including insider threats, phishing, social engineering, credential theft, and emerging risks.
Conduct regular security assessments and partner with business units to identify, prioritize, and remediate vulnerabilities.
Ensure readiness for internal and external audits; manage the audit process with agencies, auditors, customers, and stakeholders.
Select, implement, and manage security technologies, tools, vendors, and processes supporting the organizations security objectives.
Closely collaborate with the IT team, who will be responsible for executing the security policies.
Collaborate with DevOps and engineering teams to strengthen security posture and embed secure-SDLC practices.
Provide executive-level communication and reporting to leadership and the board regarding cybersecurity risks, investments, and priorities.
Develop and deliver organization-wide security awareness and training programs.
Manage the security budget and resources efficiently.
Requirements:
5+ years of experience in senior leadership roles with a minimum of 2-3 years in a CISO role
10+ years of experience within an information security, GRC and Information Security organization, within a technology company.
Must have led external audits and presented to board and executive management.
Proven track record of building and implementing successful security programs.
Proven knowledge of IT GRC frameworks such as COBIT, ISO 27001, NIST, etc.
Experience building and operating a security incident response program.
Strong experience building a SSDLC framework and driving adoption within SWE teams.
Strong understanding of product security best practices and industry standards.
Excellent communication, presentation, and interpersonal skills.
Ability to work effectively in a global environment, and experience with international customers.
Relevant security certifications (e.g., CISSP, CISO, CISA, CISM).
Self-starter, self-driven executive who can work independently but also collaboratively.
5+ years of experience in senior leadership roles with a minimum of 2-3 years in a CISO role
10+ years of experience within an information security, GRC and Information Security organization, within a technology company.
Must have led external audits and presented to board and executive management.
Proven track record of building and implementing successful security programs.
Proven knowledge of IT GRC frameworks such as COBIT, ISO 27001, NIST, etc.
Experience building and operating a security incident response program.
Strong experience building a SSDLC framework and driving adoption within SWE teams.
Strong understanding of product security best practices and industry standards.
Excellent communication, presentation, and interpersonal skills.
Ability to work effectively in a global environment, and experience with international customers.
Relevant security certifications (e.g., CISSP, CISO, CISA, CISM).
Self-starter, self-driven executive who can work independently but also collaboratively.
This position is open to all candidates.
