Chief Information Security Officer (CISO)
About The Position
As CISO, you will own Lumafield's security function end-to-endâfrom cloud infrastructure and product security to customer data protection and regulatory compliance. This is a rare opportunity to define security culture and architecture at a high-growth company whose customers share some of the most sensitive intellectual property in the world: proprietary product designs, internal manufacturing processes, and competitive R&D data. You will report directly to the CEO, and partner closely with Engineering, Product, Operations, and Sales to make sure security enables the business rather than slows it down.
Requirements
- 10+ years of progressive experience in information security, with at least 3 years in a senior leadership role (CISO, VP of Security, or equivalent)
- Demonstrated success building or significantly maturing a security program at a high-growth technology company
- Deep expertise in cloud security, particularly AWS, including IAM, network security, data encryption, and cloud-native security tooling
- Strong working knowledge of compliance frameworks: SOC 2, ISO 27001, CMMC, FEDRAMP, and ITAR/EAR
- Track record of leading incident response for significant security events
- Excellent communicator â able to translate complex security risk into clear business terms for the leadership team, customers, and cross-functional partners
- Experience managing security in enterprise sales cycles, including responding to customer security questionnaires and participating in procurement reviews
Nice To Haves
- Background in industrial technology, hardware/IoT security, or manufacturing sectors
- Experience with medical device, aerospace, or defense industry compliance requirements
- Prior experience as a first or early CISO, comfortable operating with both strategic vision and hands-on execution
- Relevant certifications: CISSP, CISM, CCSP, or equivalent
Responsibilities
- Define and execute Lumafield's multi-year information security strategy, aligning it with business objectives and customer trust requirements
- Own security architecture for Voyager, our cloud-based CT analysis platform, including data storage, access controls, API security, and multi-tenant isolation
- Embed security into the SDLC by partnering with Engineering and DevOps on threat modeling, secure code review, vulnerability management, and penetration testing
- Extend security best practices to Lumafield's hardware products and firmware, including the Neptune and Triton scanner families
- Lead and maintain compliance certifications (SOC 2 Type II, ISO 27001) and oversee ongoing adherence to ITAR/EAR requirements across our export-controlled facility and customer engagements
- Be an integral part of our enterprise sales process â handle security questionnaires, support complex sales cycles, and build trust with InfoSec teams at major manufacturers
- Build and continuously test Lumafield's incident response plan; own the enterprise risk register and manage third-party vendor risk
- Champion a security-first culture through training, clear policies, and acting as a pragmatic advisor to business stakeholders
Benefits
- competitive cash and equity compensation
- health & wellness stipend
- 401k
- parental leave
- flexible PTO
- commuter benefits
- company wide events and more!
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Executive
Education Level
No Education Listed
Number of Employees
1-10 employees
