Chief Information Security Officer (CISO)

Transact Campus•Atlanta, GA

1d•Hybrid

About The Position

Illumia empowers education, healthcare, and corporate enterprises with secure, intelligent technology that streamlines operations and enriches experiences for everyone they serve. Formed by the merger of Transact and CBORD, Illumia is a portfolio company of Roper Technologies (NYSE: ROP) serving more than 1,750 client institutions across higher education, healthcare, corporate, and senior living markets. Illumia serves over 12 million students, facilitates over $58 billion in transactions annually, and connects more than 1,100 colleges and universities through over 300 technology and integration partners. The company operates across three business units — Campus ID and Commerce, Integrated Payments, and Healthcare — with a portfolio spanning campus identity and access, commerce and payments, food and nutrition management, and data analytics. As a registered partner and ISO of Elavon (U.S. Bancorp), Illumia operates at the intersection of institutional technology and regulated financial services. The CISO is a senior technology leader responsible for Illumia’s enterprise-wide information security strategy, program, and culture. Reporting to the CTO, this role serves as the company’s top security leader — translating cyber risk into business language, protecting customer and institutional data, enabling compliant product growth, and building a world-class security organization. This is both a transformation and leadership role. The CISO will unify two legacy security programs (Transact and CBORD) into a single, cohesive operating model while maintaining continuous compliance and operational readiness. The ideal candidate thrives in complex, multi-product SaaS environments, understands how security is evolving in an AI-first world, and can operate confidently in the boardroom while remaining deeply trusted by engineering and product teams. Illumia follows NIST’s cybersecurity framework and maintains a public Security and Trust Center. Current certifications and compliance posture include SOC 2 Type I and Type II (including SOC 2+ HITRUST Type II for healthcare products), PCI DSS v4.0.1 across multiple product lines, TX-RAMP and GovRAMP authorizations, and HIPAA Security Compliance for healthcare products. The CISO will inherit this foundation and be expected to evaluate, evolve, and unify it into a single enterprise-class security operation.

Requirements

12+ years in information security, with 4+ years as CISO, Deputy CISO, or VP of Security
Proven leadership at a B2B SaaS or cloud-native company; experience scaling security through mergers, acquisitions, or platform consolidation
Deep expertise in cloud security architecture (AWS, Azure, and/or GCP), secure SDLC, and modern threat detection and response
Hands-on leadership of SOC 2 Type II and PCI DSS audits
Experience with FERPA, HIPAA, or other education and healthcare regulatory frameworks
Demonstrated ability to communicate security risk to non-technical executives, boards, and parent company leadership
Track record building and scaling security teams, including organizational design and vendor management
Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field required

Nice To Haves

PCI Level 1 experience strongly valued
HITRUST, GovRAMP, or TX-RAMP experience is a plus
Experience in a portfolio company or PE-backed environment is a plus
Master’s or MBA preferred
CISSP, CISM, CCSP, CISA, CRISC, or CCISO strongly preferred
Familiarity with AI security governance tools and Zero Trust architecture frameworks preferred

Responsibilities

Define and evolve a multi-year enterprise security roadmap across all three business units, aligned to business objectives and risk appetite
Serve as primary security advisor to the executive leadership team and primary security liaison to Roper Technologies
Lead the unification of security programs, toolsets, and policies inherited from Transact and CBORD
Lead Security Operations, GRC, Application Security, and Cloud Security functions
Own SOC 2, PCI DSS, HITRUST, TX-RAMP, GovRAMP, FERPA, and HIPAA compliance programs
Secure SaaS platforms and cloud environments through secure SDLC, vulnerability management, and penetration testing programs
Partner with Engineering and Product to embed security by design without impeding delivery velocity
Establish AI security governance to manage AI tool adoption and AI-specific risks across the organization
Lead or manage security operations (SIEM, EDR, XDR, threat intelligence) through in-house, MSSP, or hybrid models
Own the incident response program and business continuity / disaster recovery testing
Oversee corporate IT security including endpoint protection, patch management, and identity hygiene
Establish cross-business unit security governance to drive consistency while accommodating domain-specific requirements
Recruit, develop, and retain a high-performing security team; manage external vendors, MSSPs, and auditors
Maintain and evolve the public Security and Trust Center