Chief Information Security Officer

Ntiva, Inc.
Lombard, IL
Remote

About The Position

We are a growing Managed Service Provider expanding our security leadership and building a unified security function across our business. This is a high-priority executive investment with a dual mandate: protect our internal operations and the clients who trust us with their infrastructure, while expanding our security service lines into a strategic revenue driver. You will own our security posture end-to-end, from internal risk and compliance, through our SOC and incident response capability, to client-facing vCISO engagements and the security products we bring to market. You will inherit a capable security team and have a direct line to the CTO and executive leadership. This is an ideal opportunity for a security leader with 7–10 years of experience ready to define what good looks like at a maturing MSP.

Requirements

  • 7–10 years of security leadership experience, including 3+ years in a Chief Information Security Officer or equivalent role (IT Security Officer, Deputy CISO, Managing Partner, IT Security Practice).
  • Hands-on ownership and successful completion of multiple SOC 2, HIPAA, CMMC, or NIST 800-171/800-53 audit cycles, including designing, leading and supporting the program.
  • Demonstrated experience leading incident response for material incidents, including executive and customer communication, response strategy and repeatable successful outcomes.
  • Experience managing and closely partnering with multiple 24x7 SOC teams (in-house, co-managed, and outsourced).
  • Track record of building or significantly scaling a security team and the program it runs.
  • Strong written and verbal communication; for example, a demonstrated ability to move fluently between a board deck, a customer sales call, and a specific security service event.
  • Comfort operating in a fast-moving, client-service environment where security is both an internal function and a company revenue driver.
  • Warm, welcoming, team-oriented demeanor, with a clear ability to build a positive, security-aware culture throughout an organization and with its client base.

Nice To Haves

  • Prior experience at an Enterprise Scale Organization, MSP, MSSP, or security consultancy.
  • Direct vCISO or fractional CISO client-facing delivery experience.
  • Experience preparing an organization for new compliance certifications.
  • Relevant certifications such as CISSP, CISM, CCSP, or CISA.
  • Familiarity with the tooling common to MSP environments (RMM, PSA, EDR/XDR/AV, SIEM, ITDR, SAT, etc.).

Responsibilities

  • Define and execute the enterprise information security strategy activities, roadmap, and budget.
  • Own the internal risk management program: threat management, vulnerability management, access governance, and third-party risk.
  • Lead all compliance and audit activities, including SOC 2 Type II and CMMC Level 2 certification.
  • Serve as the executive security voice in client contracts, vendor contracts, security questionnaires, RFP responses and other compliance-related requests.
  • Drive the security awareness and training program across all employees and contractors.
  • Lead the strategy, staffing model, and tooling for our 24x7 Security Operations Center.
  • Own the incident response program: runbooks, tabletop exercises, on-call rotations, and post-incident reviews.
  • Be the executive lead during active security incidents affecting the company or our clients, including customer and regulator communication.
  • Define detection engineering priorities and measure SOC effectiveness with clear KPIs (MTTD, MTTR, false-positive rate).
  • Scale and mature our vCISO service line: delivery methodology, playbooks, solution architecting and senior client relationships.
  • Directly advise our highest-value clients as their fractional CISO on strategy, board reporting, and regulatory posture.
  • Shape our Governance, Risk, and Compliance (GRC) consulting offering, including readiness assessments, policy development, and audit support across SOC 2, HIPAA, CMMC, NIST, and other frameworks.
  • Partner with Sales to scope security engagements and convert technical credibility into pipeline.
  • Partner with the CTO and Product team to define the roadmap for our security service offerings and any productized security tooling.
  • Translate threat landscape shifts and client pain into product requirements and differentiated offerings.
  • Represent the voice of the security practitioner in architecture and build-vs-buy decisions.
  • Lead, mentor, and grow the existing security team; make the hiring and structural decisions needed to scale.
  • Report regularly to the CTO and executive team on security posture, risk, and program investment.
  • Represent the company's security practice externally at industry events, in analyst briefings, and with strategic partners.
  • Develop and implement strategic plans that support the integration of acquired security practices and the organic growth of the existing business in line with corporate goals.
  • Maintain budgetary accountability for the Security Operations Team and the Security Services Business Revenue.

Benefits

  • Comprehensive medical, dental, vision, and 401(k) with match.
  • Annual performance bonus and equity participation.
  • PTO