VP, Deputy Chief Information Security Officer (Remote)

Neumo Holdings LLC TX, US, TX
Remote

About The Position

Neumo is building a unified Information Security program across five lines of business and three legacy environments — Avenu, ITI, and GovOS. The CISO sets strategy and owns the board and executive relationship; the VP, Deputy CISO owns execution. This is a distinct, operational mandate: you run the program day to day, lead the four functional teams, make the working-level calls on tooling and process, and are personally accountable for the roadmap that gets us to SOC 1, SOC 2, PCI DSS, FedRAMP High, and GovRAMP. This role exists because compliance commitments at this scale don't run on strategy alone — they run on someone who manages the leads, resolves the conflicts, and keeps evidence collection, scans, and assessments on schedule across three environments that don't yet operate the same way.

Requirements

  • 10+ years in information security, with at least 4 years managing security teams or functional leads directly.
  • Direct experience operating through at least one SOC 2 or SOC 1 audit cycle and one PCI DSS assessment cycle as a control owner or program lead.
  • Track record of standardizing security tooling or process across multiple business units, products, or post-merger environments.
  • Comfortable making and owning tooling/process decisions without escalating every call upward — this role is judged on throughput, not just judgment.
  • Working knowledge of NIST CSF 2.0 and how it maps to GRC, AppSec, Cloud/Vuln, and SecOps functions.

Nice To Haves

  • Experience with FedRAMP or GovRAMP authorization work — control implementation, SSP development, or 3PAO assessment support — strongly preferred.
  • Experience with vulnerability management platforms (e.g., Tenable) and WAF/cloud security tooling a plus

Responsibilities

  • Directly manage the four functional leads — GRC, AppSec, Cloud/Vulnerability, and SecOps — setting priorities, removing blockers, and holding them accountable to delivery.
  • Run the operating cadence for the team: weekly leads sync, sprint/quarter planning, and performance management for direct reports.
  • Build a consistent operating model across the four functions so GRC, AppSec, Cloud/Vuln, and SecOps work from shared priorities rather than in silos.
  • Resolve tooling and process decisions at the working level across Avenu, ITI, and GovOS.
  • Own the standardization roadmap that brings three legacy environments onto common tooling, control sets, and operating procedures.
  • Act as the escalation point when legacy entities disagree on approach; make the call and move the work forward.
  • Own the operational roadmap behind SOC 1 and SOC 2: continuous evidence collection, control owners, and audit readiness ahead of annual audits.
  • Own PCI DSS operations: the annual assessment cycle plus quarterly scan cadence, remediation tracking, and scope management.
  • Drive the FedRAMP High authorization effort and the parallel GovRAMP pursuit — both multi-year, high-cost programs (FedRAMP High alone typically runs 12–24 months and $500K–$1M+) — translating authorization requirements into workstreams, milestones, and owners.
  • Maintain a single rolling roadmap across all frameworks so audit cycles, scan windows, and authorization milestones are sequenced, resourced, and visible — and don't collide.
  • Report program status, risks, and resourcing needs to the CISO with enough detail to support executive and board reporting.
  • Serve as the day-to-day owner of external audit and assessment relationships (e.g., compliance advisory firms, QSAs, 3PAOs), keeping evidence requests, timelines, and findings moving.
  • Manage tooling vendors supporting GRC, vulnerability management, and security operations, including renewal and consolidation decisions across the three legacy stacks.

Benefits

  • competitive benefits and compensation package
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service