CISO

About The Position

Requirements

• 15+ years of experience with Cyber Security including recent hands-on experience conducting audits and remediations, investigation of security incidents, and other security tasks as needed.
• Bachelor's degree or higher in Computer Science, ideally with Cyber Security specific certifications.
• Experience managing a small team of security analysts. Hiring, coaching and mentoring them as needed.
• Ability to work closely with Engineering, Operations, Legal, and Compliance teams on security related tasks and initiatives.
• Experience with obtaining and maintaining HiTrust certification.
• Experience with maintaining HIPAA and PCI Compliance at an Ecommerce (D2C) Company.

Responsibilities

• Manage and mature an enterprise-wide information security strategy.
• Align cybersecurity initiatives with business objectives and regulatory requirements.
• Communicate security risks and strategies to executive leadership and the board.
• Conduct risk assessments and manage security risks proactively.
• Ensure compliance with industry regulations (e.g., HIPAA, PCI, NIST).
• Oversee audits, security assessments, and incident response planning. Execute them hands-on as needed.
• Implement security governance and risk management frameworks.
• Oversee the security operations center (SOC) and threat intelligence programs.
• Develop and implement incident response plans and lead breach investigations.
• Ensure the deployment and management of security tools (firewalls, intrusion detection, endpoint protection).
• Monitor and respond to emerging threats and vulnerabilities.
• Implement data protection measures, including encryption and access controls.
• Work with legal teams to ensure compliance with data privacy laws.
• Conduct cybersecurity awareness training for employees.
• Promote a security-conscious culture across the organization.
• Work with IT, legal, and compliance to ensure security integration.
• Assess and manage security risks in third-party vendors and partners.
• Evaluate and implement new security solutions and architectures.
• Monitor for bot attacks, credential stuffing, and API security vulnerabilities.
• Deploy and manage web application firewalls (WAF), DDoS protection, and endpoint security.

Benefits

• Compensation: $150,000 - 180,000
• Discretionary Annual Bonus Eligibility: Up to 25%
• Medical, Dental, Vision, and 401K with a company match
• Dependent Care, FSA & HSA accounts
• Paid Parental & Bonding Leave
• Flexible PTO & office closure on all major holidays
• Monthly wellness & internet reimbursements
• Professional development including certification support & leadership coaching
• Mental Health resources
• 100% remote within the United States
• Must be able to work EST hours