Skip to content
LumafieldLumafieldSan Francisco, CA

Chief Information Security Officer (CISO)

Leads end-to-end information security including cloud architecture, product security, compliance (SOC 2, ISO 27001, ITAR), and incident response for a high-growth industrial tech company. Requires 10+ years experience with 3+ in senior leadership and deep AWS/cloud expertise.

180k – 220k/yr
On-site10+ YOESecurity Engineering

About the role

Responsibilities

  • Define and execute Lumafield's multi-year information security strategy, aligning it with business objectives and customer trust requirements
  • Own security architecture for Voyager, our cloud-based CT analysis platform, including data storage, access controls, API security, and multi-tenant isolation
  • Embed security into the SDLC by partnering with Engineering and DevOps on threat modeling, secure code review, vulnerability management, and penetration testing
  • Extend security best practices to Lumafield's hardware products and firmware, including the Neptune and Triton scanner families
  • Lead and maintain compliance certifications (SOC 2 Type II, ISO 27001) and oversee ongoing adherence to ITAR/EAR requirements across our export-controlled facility and customer engagements
  • Be an integral part of our enterprise sales process — handle security questionnaires, support complex sales cycles, and build trust with InfoSec teams at major manufacturers
  • Build and continuously test Lumafield's incident response plan; own the enterprise risk register and manage third-party vendor risk
  • Champion a security-first culture through training, clear policies, and acting as a pragmatic advisor to business stakeholders

Requirements

  • 10+ years of progressive experience in information security, with at least 3 years in a senior leadership role (CISO, VP of Security, or equivalent)
  • Demonstrated success building or significantly maturing a security program at a high-growth technology company
  • Deep expertise in cloud security, particularly AWS, including IAM, network security, data encryption, and cloud-native security tooling
  • Strong working knowledge of compliance frameworks: SOC 2, ISO 27001, CMMC, FEDRAMP, and ITAR/EAR
  • Track record of leading incident response for significant security events
  • Excellent communicator — able to translate complex security risk into clear business terms for the leadership team, customers, and cross-functional partners
  • Experience managing security in enterprise sales cycles, including responding to customer security questionnaires and participating in procurement reviews

Nice-to-haves

  • Background in industrial technology, hardware/IoT security, or manufacturing sectors
  • Experience with medical device, aerospace, or defense industry compliance requirements
  • Prior experience as a first or early CISO, comfortable operating with both strategic vision and hands-on execution
  • Relevant certifications: CISSP, CISM, CCSP, or equivalent

Skills

AWSIAMSOC 2ISO 27001Itar/EarThreat ModelingVulnerability ManagementPenetration TestingIncident ResponseCisspCismCcspCmmcFedRAMPIot Security
Sardine

Deputy Chief Information Security Officer

SardineUnited States

The Deputy Chief Information Security Officer will partner with the CISO to scale the security program, operating across application security, GRC, security operations, and cloud security. This senior leader will identify high-risk areas, support compliance initiatives, and represent the security program to internal and external stakeholders.

235k – 270k/yr
Remote10+ YOESecurity Engineering
Mercury

Deputy Chief Information Security Officer - Bank

MercurySan Francisco, CA +2

The Deputy Chief Information Security Officer will be the operating second to the CISO, owning the bank-entity scope of Mercury's 2LOD Information Security program. This role focuses on building and defending the program, ensuring examiner readiness, and leading remediation efforts for FFIEC IT control deficiencies.

243k – 354k/yr
Remote8+ YOESecurity Engineering
Vanta

Field Chief Information Security Officer (Field CISO)

VantaUnited States

Acts as customer-facing security leader and trusted advisor, supporting sales in enterprise deals, leading C-suite briefings, and influencing product roadmap. Requires 10+ years security leadership, compliance expertise, and strong communication skills.

398k – 468k/yr
Remote10+ YOESecurity Engineering
Rain

CISO

RainNew York, NY

Owns security governance, risk, and compliance strategy with focus on ISO 27001 certification and regulatory readiness in a fintech environment. Partners with engineering and leadership to implement controls, manage audits, and report risks; requires 8-12+ years in security leadership.

Salary not listed
Hybrid8+ YOESecurity Engineering
Huntress

Vice President, Threat Detection & Response

HuntressUnited States

Lead the Threat Detection & Response organization including SOC, detection engineering, and threat hunting teams. Drive strategy for an agentic SOC model, build leadership bench, and own security outcomes tied to business metrics.

250k – 320k/yr
Remote10+ YOESecurity Engineering