Chief Information Security Officer (CISO)

About The Position

Requirements

• Minimum 7+ years in security operations with demonstrated hands-on experience
• Deep expertise in cloud security (AWS, Google Cloud, Azure)
• Proven ability to personally deploy and configure enterprise security tools
• Strong understanding of modern DevOps practices and CI/CD security integration
• Experience with security automation and orchestration
• Hands-on experience with FedRAMP certification processes
• Track record of achieving and maintaining SOC 2, ISO 27001, or similar certifications
• Understanding of regulatory compliance requirements and audit processes
• Experience leading security initiatives in fast-growing organizations
• Strong communication skills for collaborating with global, distributed teams
• Ability to translate technical security concepts for various stakeholders
• Comfortable working in a startup environment with evolving requirements

Nice To Haves

• Currently in a similar-sized company CISO role, or a Deputy CISO, Director of Security Operations, or similar 'CISO minus one' role at a larger organization
• Experience in identity management or authentication technologies
• Background in both security operations and security engineering
• Previous startup or scale-up experience
• Located in or willing to work EST hours (strong preference for NY/NJ area)
• Public-facing CISO experience (client communications) is a plus but not required

Responsibilities

• Design, implement, and manage a comprehensive security operations infrastructure
• Personally configure and deploy security tools, including endpoint protection, SIEM, and cloud security solutions
• Build and optimize security monitoring, incident response, and threat detection capabilities
• Drive automation initiatives to eliminate manual inefficiencies in security processes
• Lead compliance initiatives including FedRAMP, SOC 2, and other regulatory frameworks
• Partner with business analysts to navigate regulatory requirements and audits
• Develop and maintain security policies, procedures, and documentation
• Manage security risk assessments and remediation programs
• Secure cloud infrastructure across AWS, Google Cloud, and other platforms
• Integrate security into CI/CD pipelines, working closely with DevOps teams
• Implement and manage security tools (CrowdStrike, etc.) across the organization
• Conduct hands-on security reviews of architecture and code
• Partner directly with development and engineering teams on secure software development
• Oversee internal IT security (smaller component of role)
• Communicate security initiatives and status to leadership and stakeholders
• Coordinate with global teams to ensure consistent security practices

Benefits

• Opportunity to build and shape security at a growing startup
• Direct impact on product and company security posture
• Collaborative environment with talented engineering teams
• Competitive compensation and equity package
• Flexible work arrangements with preference for hybrid in NY/NJ area