VP of Security/Chief Information Security Officer (CISO)

About the position

The VP of Security/Chief Information Security Officer (CISO) is a senior executive role responsible for establishing and overseeing the company's enterprise security strategy, policies, and risk management framework. This position ensures the security and compliance of SaaS solutions provided to small and mid-sized government clients across the United States, many of whom require StateRAMP, SOC2 certification, and advanced security controls. Reporting to the President and Chief Operating Officer, the VP of Security/CISO will lead efforts to secure cloud-based government solutions, manage incident response, strengthen corporate governance, and implement robust security procedures across the software development lifecycle (SDLC). This role partners with executive leadership to embed security into the company's DNA, ensuring a proactive approach to risk mitigation and regulatory compliance while balancing business innovation.

Responsibilities

• Develop and implement an enterprise security strategy aligned with business objectives and regulatory requirements.
• Oversee and enforce security governance, ensuring compliance with StateRAMP, SOC2, NIST CSF, CJIS, and other common regulatory frameworks.
• Serve as the primary executive liaison for security matters with customers, government entities, auditors, and partners.
• Lead the organization's threat intelligence, risk management, and vulnerability management programs.
• Build and maintain a robust security policy set to protect OpenGov, customer data and our infrastructure.
• Architect and maintain secure SaaS solutions deployed on AWS and Azure, ensuring adherence to cloud security best practices.
• Direct the implementation of DevSecOps methodologies to integrate security within CI/CD pipelines.
• Establish secure software development lifecycle (SDLC) standards, partnering with engineering and product teams to drive consistent secure coding practices.
• Oversee Security Operations and lead rapid incident detection, response, and recovery efforts.
• Enforce and test an enterprise-wide incident response plan, ensuring minimal disruption and regulatory compliance in case of breaches.
• Manage third-party security audits, penetration testing, and continuous security monitoring.
• Ensure the company achieves and maintains TXRAMP, StateRAMP and SOC2 certifications, working closely with engineering and audit teams.
• Collaborate with legal team to address evolving cybersecurity regulations and contract requirements.
• Lead, mentor, and grow a high-performing security team, including security engineers, analysts, and compliance professionals.
• Provide security briefings and risk updates to executive leadership and the board of directors.
• Foster a culture of security awareness through ongoing training and communication across all levels of the organization.

Requirements

• 10-15+ years of experience in cybersecurity leadership roles, with at least 10 years in an executive or senior leadership position.
• Proven experience securing SaaS applications in highly regulated industries, preferably government-focused cloud solutions.
• Operational expertise in common regulatory and security frameworks, such as StateRAMP, SOC2, NIST CSF, MITRE ATT&CK, and zero-trust security models.
• Deep knowledge of cloud security best practices for AWS, Azure, and/or GCP.
• Hands-on experience leading incident response and threat intelligence programs.
• Strong understanding of identity & access management (IAM), data encryption, and compliance frameworks.
• Relevant certifications highly preferred, such as CISSP, CISM, CISA, CCSP, or AWS Security Specialty.
• Exceptional leadership, communication, and stakeholder management skills.
• Prior experience securing SaaS products for government clients.
• Background in zero-trust architecture and AI-driven security monitoring.
• Experience working with public sector procurement and compliance teams.

Benefits

• Comprehensive healthcare options for individuals and families.
• Flexible vacation policy and paid company holidays.
• 401(k) with company match.
• Paid parental leave, wellness stipends, and HSA contributions.
• Professional development and growth opportunities.
• A collaborative office environment with weekly catered lunches.