Chief Information Security Officer

Why Montrose Montrose is on a mission to protect the planet and public health using science, data, and technology at scale. Our commitment to environmental intelligence, regulatory insight, and advanced digital platforms drives our approach to security and risk management. The CISO role is pivotal in safeguarding our business, our clients, and our mission, moving beyond compliance optics to build a resilient, risk-based security culture that enables growth and innovation. This is not a checkbox compliance role. This is enterprise security leadership with real-world impact: embedding security into every layer of our technology stack, business processes, and product delivery. If you’re energized by building robust security programs, closing material risk gaps, and enabling modern engineering workflows, this role is built for you. The Role The Chief Information Security Officer (CISO) owns the strategy, architecture, and execution of Montrose’s enterprise security program. The CISO leads a cross-functional security team (Governance, Risk & Compliance, Security Operations, Identity & Access Management) and partners with Legal, Infrastructure, Applications, and Product Engineering to deliver a comprehensive, scalable, and audit-ready security posture. You will define how security is designed, governed, and operationalized, driving clarity where there is complexity and accountability where there is fragmentation. You’ll be bold about policy lifecycle management, asset visibility, and risk prioritization, while preparing the organization for the next generation of compliance, monitoring, and secure product delivery. What We Can Offer You Our mission is supported by our principles: We Value Our People, We Value Our Community, We Value Our Clients, We Value Our Shareholders. We differentiate ourselves with diverse talent. We care for the well-being and development of our people. So, we offer: Regular interaction and partnership with the executive team and senior leaders across Montrose Competitive compensation package: annual salary ranging from $275,000 - $300,000 USD; eligible for annual bonus of 30-40% Competitive medical, dental, and vision insurance coverage 401k with a competitive 4% employer match Progressive vacation policies and company holidays to ensure work/life balance A financial assistance program to help support peers in need known as the Montrose Foundation Access to attractive student loan rates to optimize your student loan payoff plans Key Responsibilities Enterprise Security Strategy & Architecture: Own the end-to-end vision and roadmap for Montrose’s enterprise security program; define reference architectures and governance principles aligned to NIST 800-171, ISO 27001, NIST CSF, CIS Controls. Risk Management & Compliance: Build and maintain a CMMC L2 compliant enclave; align governance and controls to regulatory frameworks; lead incident readiness and response. Security Operations & Architecture: Establish a complete asset inventory and validate tool coverage; segment and secure lab networks; partner with CTO and engineering teams to enable secure, modern software development. Policies, Training & Culture: Publish clear policies and governance procedures; ensure annual reviews and training; govern guest/external data sharing in M365. Team & Leadership: Lead and grow a high-performing security organization spanning GRC, SecOps, and IAM; serve as a trusted partner to executives. What Success Looks Like (9-12 Months) A clearly defined, well-governed enterprise security architecture is in place. Asset inventory and tool coverage are complete and validated; continuous monitoring is operational. CMMC readiness achieved; SOC 2/ISO 27001 certification plan is underway. Security policies are published, enforced, and aligned to best practices. Security is embedded in engineering workflows and product delivery.