CISO

  • Location

    Irvine

  • Sector:

  • Job type:

    Temporary

  • Salary:

    Negotiable

  • Contact:

    Tylah Knox

  • Contact email:

    t.knox@ioassociates.co.uk

  • Job ref:

    BBBH154578_1738167067

  • Start date:

    ASAP

iO Associates are currently partnered with a software development organization with 600 users and 4,000 endpoints (including 3,000 servers). They are currently using CrowdStrike managed services for EDR/MDR but need strong internal leadership to guide incident response and overall security posture. They are looking for a Chief Information Security Officer to join their team.

This is a fully remote opportunity with a February start. Open to U.S. citizens and Green Card holders.

Key Responsibilities:
Strategic Security Leadership
* Act as the interim executive in charge of the organization's overarching security strategy and roadmap.
* Report to executive leadership and potentially the board on security posture, risk, and strategic initiatives.
* Proactively assess emerging threats and recommend strategic mitigations that align with business goals.

Security Operations & Incident Response
* Provide oversight for daily security operations, including configuration and management of the CrowdStrike EDR/MDR environment.
* Investigate, triage, and coordinate incident response activities.
* Be on-call and available to handle urgent security events, potentially including evening wake-up calls in serious situations.

Risk Management & Policy
* Review, refine, and enforce security policies, procedures, and controls to address vulnerabilities and regulatory requirements.
* Conduct periodic risk assessments to identify and prioritize mitigation strategies.
* Liaise with third-party vendors and partners (e.g., managed security providers, IR firms) to ensure contractual obligations are met.

SOC 2 Compliance & Governance
* Collaborate with an external SOC 2 consultant to drive compliance efforts, ensuring timely evidence collection and control implementation.
* Serve as the point person for internal teams on governance frameworks (NIST CSF, ISO 27001) to maintain and improve security posture.
* Plan and execute a roadmap for sustainable compliance beyond the immediate SOC 2 scope.

DevOps & Product Security
* Integrate security best practices into a heavy DevOps environment, ensuring secure deployment pipelines and cloud-native architectures.
* Provide guidelines for secure coding, containerization, and CI/CD pipeline security.

Mergers & Acquisitions
* Provide strategic guidance on security considerations for any ongoing or future M&A activities.
* Conduct security due diligence, integrate security processes post-acquisition, and mitigate associated risks.

Team Development & Cross-Functional Leadership
* Mentor the existing IT/security staff, building their skills and confidence in handling security tasks.
* Work collaboratively with development, operations, and executive stakeholders to align security objectives with business priorities.
* Champion a security culture across the organization through training and awareness programs.

Required Qualifications & Experience
Security Leadership
* 5+ years of progressive experience in information security, including at least 2+ years in a leadership (Director, Sr. Manager, or CISO) capacity.
* Proven track record of aligning security strategy with overall business objectives.

Security Operations & Incident Response
* Strong hands-on experience with CrowdStrike or comparable endpoint security solutions.
* Demonstrable ability to lead complex incident response processes, including off-hours escalation.

Compliance & Auditing
* Direct experience with SOC 2 (and ideally other frameworks like NIST, ISO 27001).
* Understanding of governance, risk, and compliance (GRC) principles and their practical application.

DevOps & Cloud Security
* Familiarity with CI/CD pipelines, container security (e.g., Docker, Kubernetes), and cloud platforms (AWS, Azure, or GCP).
* Ability to advise on best practices for secure software development and infrastructure as code.

Mergers & Acquisitions
* Hands-on involvement in at least one M&A security integration or due diligence effort.

Company Scale
* Direct experience in smaller organizations (<500 employees), comfortable wearing multiple hats.
* Exposure to larger enterprises (5,000+ employees) to ensure familiarity with mature processes and governance.

Consulting & Communication
* 3+ years of consulting experience (major integrator or incident response firm preferred).
* Strong communication skills to interact with both technical teams and executive leadership.

Education & Certifications
* Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience).
* Industry-recognized certifications (CISSP, CISM, GIAC, etc.) strongly preferred.

Apply now or email to set up a chat to connect further.