Leads end-to-end information security including cloud architecture, product security, compliance (SOC 2, ISO 27001, ITAR), and incident response for a high-growth industrial tech company. Requires 10+ years experience with 3+ in senior leadership and deep AWS/cloud expertise.
180k – 220k/yr
On-site10+ YOESecurity Engineering
About the role
Responsibilities
Define and execute Lumafield's multi-year information security strategy, aligning it with business objectives and customer trust requirements
Own security architecture for Voyager, our cloud-based CT analysis platform, including data storage, access controls, API security, and multi-tenant isolation
Embed security into the SDLC by partnering with Engineering and DevOps on threat modeling, secure code review, vulnerability management, and penetration testing
Extend security best practices to Lumafield's hardware products and firmware, including the Neptune and Triton scanner families
Lead and maintain compliance certifications (SOC 2 Type II, ISO 27001) and oversee ongoing adherence to ITAR/EAR requirements across our export-controlled facility and customer engagements
Be an integral part of our enterprise sales process — handle security questionnaires, support complex sales cycles, and build trust with InfoSec teams at major manufacturers
Build and continuously test Lumafield's incident response plan; own the enterprise risk register and manage third-party vendor risk
Champion a security-first culture through training, clear policies, and acting as a pragmatic advisor to business stakeholders
Requirements
10+ years of progressive experience in information security, with at least 3 years in a senior leadership role (CISO, VP of Security, or equivalent)
Demonstrated success building or significantly maturing a security program at a high-growth technology company
Deep expertise in cloud security, particularly AWS, including IAM, network security, data encryption, and cloud-native security tooling
Strong working knowledge of compliance frameworks: SOC 2, ISO 27001, CMMC, FEDRAMP, and ITAR/EAR
Track record of leading incident response for significant security events
Excellent communicator — able to translate complex security risk into clear business terms for the leadership team, customers, and cross-functional partners
Experience managing security in enterprise sales cycles, including responding to customer security questionnaires and participating in procurement reviews
Nice-to-haves
Background in industrial technology, hardware/IoT security, or manufacturing sectors
Experience with medical device, aerospace, or defense industry compliance requirements
Prior experience as a first or early CISO, comfortable operating with both strategic vision and hands-on execution
Relevant certifications: CISSP, CISM, CCSP, or equivalent
The Deputy Chief Information Security Officer will partner with the CISO to scale the security program, operating across application security, GRC, security operations, and cloud security. This senior leader will identify high-risk areas, support compliance initiatives, and represent the security program to internal and external stakeholders.
235k – 270k/yr
Remote10+ YOESecurity Engineering
Deputy Chief Information Security Officer - Bank
MercurySan Francisco, CA +2
The Deputy Chief Information Security Officer will be the operating second to the CISO, owning the bank-entity scope of Mercury's 2LOD Information Security program. This role focuses on building and defending the program, ensuring examiner readiness, and leading remediation efforts for FFIEC IT control deficiencies.
243k – 354k/yr
Remote8+ YOESecurity Engineering
Field Chief Information Security Officer (Field CISO)
VantaUnited States
Acts as customer-facing security leader and trusted advisor, supporting sales in enterprise deals, leading C-suite briefings, and influencing product roadmap. Requires 10+ years security leadership, compliance expertise, and strong communication skills.
398k – 468k/yr
Remote10+ YOESecurity Engineering
CISO
RainNew York, NY
Owns security governance, risk, and compliance strategy with focus on ISO 27001 certification and regulatory readiness in a fintech environment. Partners with engineering and leadership to implement controls, manage audits, and report risks; requires 8-12+ years in security leadership.
Salary not listed
Hybrid8+ YOESecurity Engineering
Vice President, Threat Detection & Response
HuntressUnited States
Lead the Threat Detection & Response organization including SOC, detection engineering, and threat hunting teams. Drive strategy for an agentic SOC model, build leadership bench, and own security outcomes tied to business metrics.