Chief Information Security Officer

Chief Information Security Officer (CISO)

Our public-sector SaaS client is seeking an experienced Chief Information Security Officer (CISO) to lead enterprise-wide security, privacy, and risk management. This is a mission-critical leadership role supporting growth in state and local government (SLED) markets while enabling secure product innovation, AI adoption, and commercial scale.

The CISO will serve as the executive owner of cybersecurity risk, ensuring the company meets and exceeds the security, compliance, and regulatory expectations of a trusted Gov Tech SaaS provider. This leader will balance rigor with pragmatism, building a security-first culture that accelerates trust and growth without slowing the business.

• Define and execute a comprehensive, enterprise-grade security strategy aligned with business objectives and public-sector requirements
• Serve as the primary cybersecurity risk leader, reporting to the CEO, executive leadership team, and Board
• Build and scale high-performing Security, GRC, and Security Operations teams
• Position security as a business enabler that drives customer trust and enterprise deal velocity

• Own compliance across key frameworks including SOC 2 Type II, State
  
  RAMP, NIST (800-53 / 800-171), CJIS (as applicable), ISO 27001, and state privacy laws
• Lead audits, continuous monitoring, remediation, and third-party risk management
• Partner closely with Legal on privacy, data governance, AI policy, and contractual obligations
• Embed secure-by-design and privacy-by-design principles throughout the product lifecycle
• Establish and enforce a Secure Software Development Lifecycle (SSDLC) in partnership with Engineering
• Oversee application, infrastructure, and cloud security across AWS and Azure environments
• Own vulnerability management, penetration testing, and secure coding standards
• Lead incident response, crisis management, and breach notification for public-sector customers
• Ensure disaster recovery and business continuity plans meet government SLAs
• Conduct regular incident simulations and post-incident reviews

• Partner with Product and AI leadership to secure and govern AI initiatives
• Establish controls addressing AI-specific risks such as data leakage, model misuse, and regulatory exposure

• Act as the senior security authority with customers, prospects, auditors, and partners
• Support Sales and Customer Success with RFPs, security reviews, and compliance documentation
• Engage directly with customer CISOs, CIOs, and IT leaders across state and local agencies

• SOC 2 Type II completed with zero major findings
• Full alignment with CJIS and applicable SLED frameworks
• Significant reduction in vulnerabilities and faster incident response times
• SSDLC fully embedded across engineering teams
• High success rate in enterprise security reviews and reduced procurement friction

• 10+ years of progressive information security experience, including senior leadership roles
• Proven success securing SaaS platforms serving state and local government or highly regulated customers
• Deep expertise in SOC 2, NIST, CJIS, State
  
  RAMP, and public-sector security requirements
• Strong background in cloud security, Dev Sec Ops , and modern SaaS architectures
• Ability to clearly communicate risk to executives, boards, customers, and regulators

• Prior CISO, VP of Security, or equivalent executive role
• Direct experience working with state, county, or municipal agencies
• Familiarity with justice or public safety systems
• Experience in PE-backed or high-growth SaaS environments