NEOGOV


www.neogov.com

1 Job

756 Employees

About the Company

NEOGOV serves government, public safety, and education customers with comprehensive software solutions. We enable organizations to attract, retain, develop, protect, and nurture top talent, using industry-leading technology to enhance, automate, and accelerate how we serve the people that serve the people. Ultimately, we help customers build sustainable, attractive, and productive work environments while saving time and money.

- 13,000+ Public Sector Agencies
- 800,000+ People Use NEOGOV
- 20+ Years of Experience

Listed Jobs

Company Name
NEOGOV
Job Title
Vice President, Chief Information Security Officer (CISO)
Job Description
**Job Title**

Vice President, Chief Information Security Officer (CISO)

**Role Summary**

Lead the end‑to‑end Information Security program for a fast‑growing SaaS organization, driving security maturity, embedding secure engineering practices, and ensuring compliance with FedRAMP, SOC 2, NIST 800‑53, GDPR, and CCPA. Serve as a strategic partner to product, engineering, data, DevOps, compliance, HR, and legal teams to secure the digital ecosystem, including AI/ML initiatives, while managing vendor risk and incident response.

**Expectations**

- Deliver a robust, secure, and compliant security posture that supports scalable product innovation.
- Act as a business enabler, translating technical security requirements into clear, actionable terms for cross‑functional stakeholders.
- Maintain and enhance policy, procedure, and governance frameworks aligned with evolving regulatory standards and business needs.
- Represent security to senior management, auditors, and regulators, providing metrics, risk assessments, and improvement plans.

**Key Responsibilities**

1. Design, implement, and oversee the complete Information Security program for the organization.
2. Lead the secure digital ecosystem strategy, integrating AI/ML, identity management, cloud security, and DevSecOps into product development pipelines.
3. Partner with product, engineering, and data teams to embed security‑by‑design principles in the software development lifecycle.
4. Guide secure and responsible adoption of AI/ML, covering data privacy, model governance, and infrastructure controls.
5. Manage the FedRAMP Moderate program, coordinating with compliance teams, engineering, and external assessors.
6. Champion security as a product differentiator to enhance customer trust and market positioning.
7. Continuously evolve security policies, standards, and procedures; ensure alignment with SOC 2, NIST 800‑53, and emerging requirements.
8. Lead business continuity, incident response, and disaster recovery planning; conduct exercises and report outcomes.
9. Conduct regular information‑security risk assessments and present findings to senior leadership.
10. Collect, analyze, and report security metrics and key performance indicators.
11. Negotiate and maintain relationships with security vendors, third‑party risk management, and service contracts.
12. Collaborate cross‑functionally to embed security practices into cloud infrastructure, development workflows, and operations.

**Required Skills**

- 10+ years of security and IT operations experience, 5+ in leadership roles.
- Proven track record managing security programs in SaaS, cloud‑native (AWS, Azure, Okta) environments.
- Deep knowledge of security architecture, IAM, application security, cloud infrastructure protection, and DevSecOps.
- Experience with FedRAMP Moderate, SOC 2, NIST 800‑53, GDPR, and CCPA compliance.
- Strong understanding of AI/ML security, data governance, and model lifecycle management.
- Excellent cross‑functional collaboration, risk communication, and business‑focused decision making.
- Strong vendor management and third‑party risk assessment capabilities.
- Ability to develop and present security metrics and risk reports to executives and auditors.
- Hands‑on technical fluency balanced with strategic leadership.

**Required Education & Certifications**

- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Business, or equivalent work experience.
- At least one professional security certification (e.g., CISSP, CISM, CISA, CIPP, CIPT).

---
United States
Remote
Senior
02-11-2025