Chief Information Security Officer

Montrose Environmental Group
Irvine, CA
5d
$275,000 - $300,000

About The Position

Why Montrose

Montrose is on a mission to protect the planet and public health using science, data, and technology at scale. Our commitment to environmental intelligence, regulatory insight, and advanced digital platforms drives our approach to security and risk management. The CISO role is pivotal in safeguarding our business, our clients, and our mission, moving beyond compliance optics to build a resilient, risk-based security culture that enables growth and innovation.

This is not a checkbox compliance role. This is enterprise security leadership with real-world impact: embedding security into every layer of our technology stack, business processes, and product delivery. If you’re energized by building robust security programs, closing material risk gaps, and enabling modern engineering workflows, this role is built for you.

The Role

The Chief Information Security Officer (CISO) owns the strategy, architecture, and execution of Montrose’s enterprise security program. The CISO leads a cross-functional security team (Governance, Risk & Compliance, Security Operations, Identity & Access Management) and partners with Legal, Infrastructure, Applications, and Product Engineering to deliver a comprehensive, scalable, and audit-ready security posture.

You will define how security is designed, governed, and operationalized, driving clarity where there is complexity and accountability where there is fragmentation. You’ll be bold about policy lifecycle management, asset visibility, and risk prioritization, while preparing the organization for the next generation of compliance, monitoring, and secure product delivery.

What We Can Offer You

Our mission is supported by our principles: We Value Our People, We Value Our Community, We Value Our Clients, We Value Our Shareholders. We differentiate ourselves with diverse talent. We care for the well-being and development of our people.
So, we offer:

  • Regular interaction and partnership with the executive team and senior leaders across Montrose
  • Competitive compensation package: annual salary ranging from $275,000 - $300,000 USD; eligible for annual bonus of 30-40%
  • Competitive medical, dental, and vision insurance coverage
  • 401k with a competitive 4% employer match
  • Progressive vacation policies and company holidays to ensure work/life balance
  • A financial assistance program to help support peers in need known as the Montrose Foundation
  • Access to attractive student loan rates to optimize your student loan payoff plans

Key Responsibilities

  • Enterprise Security Strategy & Architecture: Own the end-to-end vision and roadmap for Montrose’s enterprise security program; define reference architectures and governance principles aligned to NIST 800-171, ISO 27001, NIST CSF, CIS Controls.
  • Risk Management & Compliance: Build and maintain a CMMC L2 compliant enclave; align governance and controls to regulatory frameworks; lead incident readiness and response.
  • Security Operations & Architecture: Establish a complete asset inventory and validate tool coverage; segment and secure lab networks; partner with CTO and engineering teams to enable secure, modern software development.
  • Policies, Training & Culture: Publish clear policies and governance procedures; ensure annual reviews and training; govern guest/external data sharing in M365.
  • Team & Leadership: Lead and grow a high-performing security organization spanning GRC, SecOps, and IAM; serve as a trusted partner to executives.

What Success Looks Like (9-12 Months)

  • A clearly defined, well-governed enterprise security architecture is in place.
  • Asset inventory and tool coverage are complete and validated; continuous monitoring is operational.
  • CMMC readiness achieved; SOC 2/ISO 27001 certification plan is underway.
  • Security policies are published, enforced, and aligned to best practices.
  • Security is embedded in engineering workflows and product delivery.

Qualifications

  • 10+ years of experience leading enterprise security programs and teams (GRC, SecOps, IAM) with direct CIO reporting.
  • Demonstrated success aligning programs to NIST 800-171, ISO 27001, NIST CSF, CIS Controls, and achieving compliance.
  • Proven ability to operationalize policy lifecycle management, incident response, and audit readiness.
  • Track record partnering with Legal, Infrastructure, Applications, and engineering teams to reconcile control rigor with delivery needs.
  • Ability to communicate effectively with executives, technical teams, and business leaders.
  • You respectfully challenge your peers, and welcome the opportunity when others challenge you.
  • You are flexible, resilient, and curious.

Preferred

  • Industry certifications (e.g., CISSP, CISM).
  • Experience preparing for or implementing SOC 2/ISO 27001 audits and CMMC enclaves.
  • Background in regulated, data-intensive, or multi-line-of-business environments.

Why This Role Is Compelling

As CISO at Montrose, you will own and shape the entire security program - transforming it from a reactive, compliance-driven function into a proactive, business-enabling force. You’ll have the mandate and executive support to build a modern, risk-based security culture that not only protects the organization but also empowers innovation and growth. Your leadership will directly impact Montrose’s ability to win and retain business, meet evolving regulatory demands, and deliver on our mission to protect the planet and public health.

By partnering across IT, Legal, Product, and Operations, you’ll ensure that security is a strategic enabler, removing friction, building trust with clients, and supporting the rapid adoption of new technologies. If you want to drive meaningful change, influence business outcomes, and lead a security program that is respected as a business partner - not just a gatekeeper - this is the role.

Make The Right Move To Accelerate Your Career

Montrose is a leading environmental solutions company focused on supporting commercial and government organizations as they deal with the challenges of today and prepare for what's coming tomorrow. With ~3,400 employees across 100+ locations worldwide, Montrose combines deep local knowledge with an integrated approach to design, engineering, and operations, enabling Montrose to respond effectively and efficiently to the unique requirements of each project. From comprehensive air measurement and laboratory services to regulatory compliance, emergency response, permitting, engineering, and remediation, Montrose delivers innovative and practical solutions that keep its clients on top of their immediate needs – and well ahead of the strategic curve. For more information, visit www.montrose-env.com.

We are going to be blunt – the way we work may not suit everyone. Montrose is a fast-paced, dynamic and high-growth company. You are your own boss, but you will get ample guidance and support from talented, engaged, super-smart colleagues from Montrose and its service providers. Therefore, if freedom, autonomy, and head-scratching professional challenges attract you, we could be the perfect match. Want to know more about Montrose? Visit montrose-env.com and have fun!

Montrose is an Equal Opportunity Employer. Montrose is committed to providing access and reasonable accommodation in its employment for individuals with disabilities.

We’re blazing new trails. Forget everything you think you know about how environmental companies work. Montrose Environmental Group was designed from the ground up to deliver a better experience and better outcomes for both our clients and our employees. We’re growing rapidly—with a purpose. We’re bringing the best minds on board, and giving them the freedom to focus on what matters most: coming up with ingenious, effective ways to measure, assess, and address real-world situations.
The kind that face industries of all kinds right now, and the kind that we want to be the first to see on the horizon. When we do that, we add value. We create opportunities for our clients and ourselves. We grow. We learn. We make a real difference in the world around us.

You can help lead the way. Are you ready to innovate? Collaborate? Meet the requirements of ever-evolving regulations and keep up with the demands of a dynamic, expanding team? Work across disciplines to develop solutions no one has seen before? Apply today to join our Montrose team!

Montrose is committed to being an inclusive workplace. Montrose is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability. You can read more about EEO here or view the EEO Posters. If you’d like to view a copy of the company’s affirmative action plan or policy statement, please email [email protected].

If you have a disability and you believe you need a reasonable accommodation in order to search for a job opening or to submit an online application, please e-mail [email protected] or call 949-988-3500. This email and phone number are created exclusively to assist disabled job seekers whose disability prevents them from being able to apply online. Only messages left for this purpose will be returned. Messages left for other purposes, such as following up on an application or technical issues not related to a disability, will not receive a response.

Requirements

  • 10+ years of experience leading enterprise security programs and teams (GRC, SecOps, IAM) with direct CIO reporting.
  • Demonstrated success aligning programs to NIST 800-171, ISO 27001, NIST CSF, CIS Controls, and achieving compliance.
  • Proven ability to operationalize policy lifecycle management, incident response, and audit readiness.
  • Track record partnering with Legal, Infrastructure, Applications, and engineering teams to reconcile control rigor with delivery needs.
  • Ability to communicate effectively with executives, technical teams, and business leaders.
  • You respectfully challenge your peers, and welcome the opportunity when others challenge you.
  • You are flexible, resilient, and curious.

Nice To Haves

  • Industry certifications (e.g., CISSP, CISM).
  • Experience preparing for or implementing SOC 2/ISO 27001 audits and CMMC enclaves.
  • Background in regulated, data-intensive, or multi-line-of-business environments.

Responsibilities

  • Own the end-to-end vision and roadmap for Montrose’s enterprise security program; define reference architectures and governance principles aligned to NIST 800-171, ISO 27001, NIST CSF, CIS Controls.
  • Build and maintain a CMMC L2 compliant enclave; align governance and controls to regulatory frameworks; lead incident readiness and response.
  • Establish a complete asset inventory and validate tool coverage; segment and secure lab networks; partner with CTO and engineering teams to enable secure, modern software development.
  • Publish clear policies and governance procedures; ensure annual reviews and training; govern guest/external data sharing in M365.
  • Lead and grow a high-performing security organization spanning GRC, SecOps, and IAM; serve as a trusted partner to executives.

Benefits

  • Regular interaction and partnership with the executive team and senior leaders across Montrose
  • Competitive compensation package: annual salary ranging from $275,000 - $300,000 USD; eligible for annual bonus of 30-40%
  • Competitive medical, dental, and vision insurance coverage
  • 401k with a competitive 4% employer match
  • Progressive vacation policies and company holidays to ensure work/life balance
  • A financial assistance program to help support peers in need known as the Montrose Foundation
  • Access to attractive student loan rates to optimize your student loan payoff plans