VP & Chief Information Security Officer

About The Position

Requirements

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field.
• 10+ years of progressive experience in information security, risk management, or IT leadership roles.
• 5+ years in a senior leadership position, preferably as a CISO, VP of Security, or equivalent executive role.
• Demonstrated success building and scaling enterprise security programs in high-growth or complex environments.
• Deep knowledge of compliance and regulatory frameworks including SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and CCPA.
• Proven experience managing multi-million-dollar budgets and demonstrating ROI on security investments.
• Exceptional executive presence with demonstrated ability to communicate effectively with boards, C-suite executives, customers, and technical teams.
• Experience leading incident response and crisis management in enterprise environments.

Nice To Haves

• Master's degree in Cybersecurity, Business Administration, Risk Management, or related discipline
• Industry-recognized certifications such as CISSP, CISM, CISA, CCISO, CGEIT, or equivalent
• Experience in hybrid cloud, SaaS, colocation, or data center environments
• Track record of supporting revenue growth through security as a sales enabler and customer differentiator
• Background in regulated industries or managing security for service provider environments
• Experience with security transformation initiatives and modern security architecture patterns (Zero Trust, SASE, etc.)

Responsibilities

• Design and implement a scalable security strategy and governance model that aligns with business objectives, is adaptable, and anticipates the unique risks and requirements of hypergrowth.
• Design and execute a forward-looking cybersecurity strategy that supports innovation while maintaining customer trust and competitive differentiation, proactively positioning security as a competitive advantage that builds and sustains stakeholders' trust at scale.
• In partnership with Compliance Team, maintain and enhance compliance posture across multiple frameworks including SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and CCPA 2.0.
• Establish automated, risk-based security governance frameworks and controls that scale effortlessly with the business, enabling decentralized and informed decision-making.
• Lead enterprise-wide threat detection, vulnerability management (TVM), and incident response programs with measurable effectiveness metrics.
• Instantiate security-as-code and automated frameworks for architecture, engineering, and operations to eliminate manual toil and support hypergrowth.
• Improve an operationalized proactive cyber resilience program focused on minimizing business impact during and after a security event.
• Lead the evolution of the SOC, leveraging automation and threat intelligence to achieve 24/7 coverage with maximum efficiency, and transition it towards a data-driven security-as-a-service model.
• Define and track business-oriented security metrics and key risk indicators (KRIs) that directly inform business leaders on risk exposure and the effectiveness of security investments.
• Drive continuous improvement in mean time to detect (MTTD) and mean time to respond (MTTR).
• Build a continuous compliance framework, using automation to maintain real-time audit readiness and demonstrate control effectiveness with minimal friction for product and engineering teams.
• Embed security and privacy by design into the product development lifecycle, enabling rapid innovation while meeting and exceeding customer expectations.
• Lead enterprise risk assessment programs and maintain a comprehensive risk register with clear mitigation strategies.
• Develop a risk quantification program to translate technical risks into business impacts and inform data-driven investment decisions for the executive team and board.
• Act as a strategic business partner to the CEO, C-suite, and board, using deep business acumen to align security with Flexential's growth objectives.
• Equip the sales and customer success teams to confidently communicate our security story, turning our security posture into a key enabler for winning and retaining enterprise customers.
• Scale security culture throughout the organization by empowering all teams to own their security, moving from a centralized security gatekeeper model to a decentralized security enablement model.
• Represent Flexential externally with customers, prospects, regulators, auditors, and industry organizations as a cybersecurity thought leader.
• Build strategic relationships with peer CISOs, industry groups, and security vendor partners.
• Build and mentor a high-performing security organization that is structured for scale, leveraging automation and delegation to maximize impact and embed security ownership across engineering and product teams.
• Cultivate an innovative and collaborative security culture that empowers the business to move fast securely, positioning the security team as an accelerator, not a roadblock.
• Create psychological safety that allows teams to learn from setbacks and continuously improve.
• Establish clear goals, performance metrics, and accountability frameworks aligned with organizational objectives.
• Implement structured career development paths and succession planning within the security organization.

Benefits

• Medical, Telehealth, Dental and Vision
• 401(k)
• Health Savings Accounts (HSA) and Flexible Spending Accounts (FSA)
• Life and AD&D
• Short Term and Long-Term disability
• Flex Paid Time Off (PTO)
• Leave of Absence
• Employee Assistance Program
• Wellness Program
• Rewards and Recognition Program