CISO
Location: Irvine
Salary: Negotiable
Contact: Tylah Knox
Contact email: t.knox@ioassociates.co.uk
Job ref: BBBH154578_1738167067
Start date: ASAP
iO Associates are currently partnered with a software development organization with 600 users and 4,000 endpoints (including 3,000 servers). They currently use CrowdStrike managed services for EDR/MDR but need strong internal leadership to guide incident response and their overall security posture. They are looking for a Chief Information Security Officer to join their team.
This is a fully remote opportunity with a February start. Open to U.S. citizens and Green Card holders.
Key Responsibilities:
Strategic Security Leadership
* Act as the interim executive in charge of the organization's overarching security strategy and roadmap.
* Report to executive leadership and potentially the board on security posture, risk, and strategic initiatives.
* Proactively assess emerging threats and recommend strategic mitigations that align with business goals.
Security Operations & Incident Response
* Provide oversight for daily security operations, including configuration and management of the CrowdStrike EDR/MDR environment.
* Investigate, triage, and coordinate incident response activities.
* Be on-call and available to handle urgent security events, potentially including evening wake-up calls in serious situations.
Risk Management & Policy
* Review, refine, and enforce security policies, procedures, and controls to address vulnerabilities and regulatory requirements.
* Conduct periodic risk assessments to identify and prioritize mitigation strategies.
* Liaise with third-party vendors and partners (e.g., managed security providers, IR firms) to ensure contractual obligations are met.
SOC 2 Compliance & Governance
* Collaborate with an external SOC 2 consultant to drive compliance efforts, ensuring timely evidence collection and control implementation.
* Serve as the point person for internal teams on governance frameworks (NIST CSF, ISO 27001) to maintain and improve security posture.
* Plan and execute a roadmap for sustainable compliance beyond the immediate SOC 2 scope.
DevOps & Product Security
* Integrate security best practices into a heavy DevOps environment, ensuring secure deployment pipelines and cloud-native architectures.
* Provide guidelines for secure coding, containerization, and CI/CD pipeline security.
Mergers & Acquisitions
* Provide strategic guidance on security considerations for any ongoing or future M&A activities.
* Conduct security due diligence, integrate security processes post-acquisition, and mitigate associated risks.
Team Development & Cross-Functional Leadership
* Mentor the existing IT/security staff, building their skills and confidence in handling security tasks.
* Work collaboratively with development, operations, and executive stakeholders to align security objectives with business priorities.
* Champion a security culture across the organization through training and awareness programs.
Required Qualifications & Experience
Security Leadership
* 5+ years of progressive experience in information security, including at least 2+ years in a leadership (Director, Sr. Manager, or CISO) capacity.
* Proven track record of aligning security strategy with overall business objectives.
Security Operations & Incident Response
* Strong hands-on experience with CrowdStrike or comparable endpoint security solutions.
* Demonstrable ability to lead complex incident response processes, including off-hours escalation.
Compliance & Auditing
* Direct experience with SOC 2 (and ideally other frameworks like NIST, ISO 27001).
* Understanding of governance, risk, and compliance (GRC) principles and their practical application.
DevOps & Cloud Security
* Familiarity with CI/CD pipelines, container security (e.g., Docker, Kubernetes), and cloud platforms (AWS, Azure, or GCP).
* Ability to advise on best practices for secure software development and infrastructure as code.
Mergers & Acquisitions
* Hands-on involvement in at least one M&A security integration or due diligence effort.
Company Scale
* Direct experience in smaller organizations (<500 employees), comfortable wearing multiple hats.
* Exposure to larger enterprises (5,000+ employees) to ensure familiarity with mature processes and governance.
Consulting & Communication
* 3+ years of consulting experience (major integrator or incident response firm preferred).
* Strong communication skills to interact with both technical teams and executive leadership.
Education & Certifications
* Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience).
* Industry-recognized certifications (CISSP, CISM, GIAC, etc.) strongly preferred.
Apply now or email to set up a chat to connect further.