Head of Information Security

GenLogs
35d
Match Resume

About The Position

GenLogs is a rapidly scaling information and intelligence company and our data, systems, and operational continuity are essential assets. We are hiring a Head of Information Security (CISO) to design, own, and continuously evolve GenLogs’ security program. This is a senior, independent security leadership role with direct C-suite access, explicit authority to challenge engineering and DevOps decisions, and responsibility for defining what must be secured first, next, and later—under real-world resource constraints. This role is not incident-response-heavy, red-team focused, or tool-driven. We are looking for a programmatic, strategic security leader who has built security from an advanced startup stage, understands how threats evolve faster than org charts, and knows how to set the tone of requirements without a large team.

Nice To Haves

  • Built or materially evolved a security program at a scaling startup
  • Experience prioritizing security under limited resources
  • Broad knowledge of cybersecurity programs in dynamic environments
  • Comfortable owning outcomes, not just advising
  • Strong judgment, executive presence, and political capability
  • May have engineering roots, but thinks in programs and risk, not tickets

Responsibilities

  • Own the Security Program — End to End
  • Design and own GenLogs’ company-wide information security strategy
  • Define the security roadmap under constrained resources
  • Set enforceable security requirements across engineering, operations, and corporate IT
  • Maintain independence from DevOps while collaborating closely with them
  • Serve as the final authority on security risk acceptance
  • Identify and Protect Existential Assets (Day-Zero Focus)
  • Identify GenLogs’ critical Tier 0 assets (data, systems, credentials, infrastructure)
  • Immediately prioritize: Identity & Access Management Data backup and recovery strategy Privileged access controls Credential hygiene
  • Define “company does not survive if this fails” scenarios and controls
  • Identity, Access, and Insider Threat Control
  • Own IAM strategy across all systems
  • Enforce least-privilege, role-based access, MFA, and privileged access reviews
  • Secure onboarding and offboarding as an insider-threat control mechanism
  • Reduce blast radius of credential compromise
  • Implement access governance with minimal friction
  • Endpoint, Device, and MDM Security
  • Secure all endpoints: laptops, mobile devices, and relevant field equipment
  • Own device inventory, encryption standards, patching cadence, and MDM enforcement
  • Define acceptable risk for BYOD vs managed devices
  • Address data exfiltration risks at the endpoint layer
  • Incident Readiness (Not Firefighting)
  • Define what incident response looks like before it happens
  • Establish: Incident response playbooks Executive decision trees Secure communication paths
  • Establish and manage an external incident-response retainer
  • Phased Security Roadmap
  • Build and maintain a phased execution plan
  • Revisit and adjust priorities as threats, company scale, and customer exposure change
  • Ensure security is always being built, never “finished”
  • SOC 2 Ownership (Means, Not the End)
  • Own SOC 2 end-to-end: Policies Controls Evidence Auditor relationship
  • Treat SOC 2 as baseline hygiene, not the finish line
  • Ensure compliance does not degrade operational velocity
  • Monitoring, Vulnerability Awareness, and Signal
  • Ensure monitoring exists for: Critical systems High-risk access Material security events
  • Track and respond to critical vulnerability disclosures
  • Focus on signal over noise—not tool sprawl
  • Executive Communication & Political Acumen
  • Brief the C-suite clearly on: Risk Tradeoffs Consequences
  • Advocate for security requirements in budget and roadmap discussions
  • Push back when necessary—with credibility and clarity
  • Translate technical threats into business risk
  • Government and Sensitive-Data Readiness
  • Position GenLogs for more sensitive enterprise and government work
  • Establish policies aligned with higher-assurance environments (without premature over-compliance)
  • Understand frameworks such as NISPOM at a practical level
  • Ensure early architectural decisions do not disqualify future opportunities

Benefits

  • Healthcare
  • Employer-covered comprehensive medical, dental, and vision plans
  • Employer contribution towards premiums of optional higher-end plans
  • Time Off
  • Unlimited PTO
  • Sick leave
  • Company holidays (GenLogs observes all US Government holidays)
  • Flexible leave for caregiving and medical needs
  • Family Support
  • Paid parental leave
  • Professional Development
  • Budget availability for approved professional development courses, certifications, and training
  • Travel Support
  • 100% travel reimbursement for all approved company travel and spending
  • Retirement Savings
  • 401(k) plan
  • A recruiter can provide more detail about the specific compensation and benefits associated with this role.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Executive

Education Level

No Education Listed

Job Search Resources

Similar Head of Information Security job opportunities

🔥 New JobHead of Information Security
Centific
Centific22h
🔥 New JobHead of Information Security (CISO)
Mission Lane
Mission Lane20h • Remote
Head of Information Technology
Keller Executive Search
Keller Executive Search • New York, NY13d
Head of Security
Applied Underwriters
Applied Underwriters • Omaha, NE12d • Onsite
Head of Security
Alpha Inc
Alpha Inc • Kula, HI5d • $80,000 - $100,000
Head of Security
LILT
LILT • Washington D.C., DC13d • Hybrid
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service