Chief Information Security Officer (CISO)

Bitsight•Boston, MA

2d•$280,000 - $375,000•Hybrid

About The Position

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. Built on over a decade of technological innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis. We invented the cyber ratings industry in 2011 Over 3000 customers trust Bitsight Over 750 teammates are dispersed throughout Boston, Raleigh, New York, Lisbon, Singapore, and remote. About Bitsight Bitsight is transforming how organizations manage cybersecurity risk by delivering objective, data-driven insights into security performance. We leverage advanced AI to empower organizations with precise analytics derived from the industry's most extensive external cybersecurity dataset. With more than 3,500 customers and over 68,000 organizations active on our platform, Bitsight enables teams to identify vulnerabilities, detect emerging threats, prioritize remediation, and mitigate risks across their extended attack surface in real time. As a global leader in cyber risk ratings, we empower enterprises, insurers, governments, and other organizations to proactively manage risk across their digital ecosystem. The Objective We are seeking a strategic, operationally rigorous, and commercially engaged CISO who views security not as a cost center, but as a product differentiator and a catalyst for global trust. You will protect our enterprise value by securing our global infrastructure, while simultaneously building enterprise value by acting as a peer-level advisor to our customers, influencing our product roadmap, and defining how AI transforms cyber risk management. Role Overview Bitsight is seeking a Chief Information Security Officer to lead and evolve our global security program. This role is both inward-facing and outward-facing, requiring a leader who can balance internal enterprise defense with external market influence. Internal Defense & Cross-Functional Partnership: You will be responsible for protecting Bitsight’s internal systems, infrastructure, employees, products, and data. You will partner closely with executive leadership, Product, Engineering, Legal, IT, GRC, People, and customer-facing teams to continuously strengthen our security posture. Market Voice & Customer Trust: You will serve as a trusted security voice with customers, partners, analysts, media, and the broader cybersecurity community. AI-Powered Risk Strategy: Combining deep technical and operational security expertise with strong business acumen and executive presence, you will play a critical role in shaping Bitsight’s perspective on how organizations can understand, measure, and reduce cyber risk in an environment increasingly influenced by AI-driven threats.

Requirements

10+ years of experience in cybersecurity, information security, or risk management, including 5+ years leading enterprise, corporate, or product-adjacent security organizations in high-growth SaaS, cloud, technology, or cybersecurity companies.
Proven experience building, scaling, and maturing modern security programs across cloud-native, data-rich, and globally distributed environments.
A deep, hands-on background in modern cloud-native security including: IAM, incident response, DLP, and vulnerability management. This combined with an expert-level understanding of the evolving threat landscape, specifically AI-enabled risks such as GenAI attacks and automated reconnaissance. You bring this technical rigor together with the strategic pragmatism required to balance strict security priorities against operational realities, customer needs, and business growth.
Strong, practical experience with compliance and governance frameworks, including SOC 2, ISO 27001, NIST, and related standards.
Ability to be in our Boston headquarters regularly to collaborate with the executive team and lead the local security culture.
An exceptional communicator with sound judgment and the ability to serve as a steady hand during crises, combined with a deep commitment to mentorship, cross-functional collaboration, and driving a robust security culture at scale.
The ability to translate complex technical risks—including AI-driven threats—into clear business impact, options, tradeoffs, and actionable guidance. Contributes credibly to product, market, and thought leadership discussions without losing focus on day-to-day operational security execution.
A student of how LLMs and automation are changing the adversary's playbook. Leverages this curiosity alongside strong customer-facing instincts to build trust with sophisticated security, risk, and executive buyers.

Responsibilities

Oversee security across endpoints, IAM, cloud infrastructure (AWS/Azure), SaaS applications, and data protection programs. Lead incident response, threat detection, and vulnerability management.
Ensure our program keeps pace with a rapidly changing threat landscape, including AI-assisted phishing, GenAI attacks, and automated reconnaissance. Enable secure and responsible adoption of AI across the enterprise, balancing innovation velocity with appropriate governance, risk management, and protection of proprietary data assets. Define governance for secure enterprise AI adoption, including protecting proprietary datasets and responsible internal AI usage.
Drive security architecture practices in close partnership with Engineering, Product, and Product Security teams.
Lead enterprise risk assessments, mitigation planning, third-party risk, and business continuity initiatives.
Partner closely with Engineering, Product, IT, Legal, GRC, People, Finance, and Go-To-Market teams to operationalize security initiatives across the business.
Serve as an executive security sponsor in high-value customer, prospect, partner, and renewal conversations. Support customer trust initiatives, security reviews, audits, and executive briefings.
Partner with Product and Research teams to inform Bitsight’s strategy around AI-powered cyber risk, emerging threat behaviors, and how customers can better understand and manage exposure in a changing threat environment.
Translate complex technical telemetry and AI-driven threats into clear business risk, options, and actionable guidance for the CEO, CFO, and Board.
Establish security KPIs, metrics, and reporting frameworks to measure program effectiveness, operational maturity, and business impact.
Partner closely with Legal, Privacy, and GRC to ensure rigorous adherence to SOC 2, ISO 27001, NIST, privacy obligations, and emerging global AI regulations.
Serve as one of the public faces of Bitsight’s security and AI strategy, representing the company with customers, analysts, industry groups, regulators, and media.
Influence market understanding of how organizations can defend against AI-powered risks through better measurement, governance, prioritization, and continuous risk visibility.
Build strategic relationships with fellow security leaders, analysts, regulators, and partners across the cybersecurity ecosystem.