Interim Chief Information Security Officer (CISO)

  • Location: Tampa
  • Sector:
  • Job type: Temporary
  • Salary: Negotiable
  • Contact: Hannah Pegues
  • Contact email: h.pegues@ioassociates.com
  • Job ref: BBBH154533_1738170589
  • Start date: ASAP

Engagement Details:

  • Remote: Fully remote (client primarily on the East Coast, no onsite requirement)
  • Part-Time Start: 20 hours per week beginning in February
  • Full-Time Transition: Expands to 40 hours per week in April
  • Duration: 12-15 weeks (covering the current CISO's paternity leave)

Company Overview:

  • A software development company with approximately 700 users and 4,500 endpoints (including 3,500 servers)
  • A lean IT team of 10, with a primary IT security engineer who also functions as the CISO
  • Currently leveraging CrowdStrike managed services for EDR/MDR but requires strong internal leadership for security operations and incident response


Key Responsibilities
Strategic Security Leadership

  • Serve as the interim executive overseeing the organization's security strategy and roadmap
  • Report to executive leadership and potentially the board on security posture, risks, and initiatives
  • Proactively assess and mitigate emerging threats while aligning security with business goals

Security Operations & Incident Response

  • Oversee daily security operations, including CrowdStrike EDR/MDR management
  • Investigate, triage, and coordinate incident response efforts
  • Remain on-call for urgent security events, including potential after-hours incidents

Risk Management & Policy

  • Review and enhance security policies, procedures, and controls to address vulnerabilities and compliance requirements
  • Conduct risk assessments to prioritize mitigation efforts
  • Manage relationships with third-party security providers to ensure compliance with contractual obligations

SOC 2 Compliance & Governance

  • Work with an external SOC 2 consultant to drive compliance efforts, including evidence collection and control implementation
  • Provide guidance on governance frameworks (NIST CSF, ISO 27001) to strengthen security posture
  • Develop a long-term roadmap for maintaining compliance beyond the immediate SOC 2 scope

DevOps & Product Security

  • Embed security best practices into DevOps workflows, ensuring secure deployment pipelines and cloud-native architectures
  • Establish guidelines for secure coding, containerization, and CI/CD pipeline security

Mergers & Acquisitions

  • Provide strategic security oversight for any ongoing or future M&A activities
  • Conduct security due diligence, integrate security controls post-acquisition, and mitigate associated risks

Team Development & Cross-Functional Leadership

  • Mentor IT and security personnel, strengthening their capabilities in security operations
  • Collaborate with development, operations, and executive teams to align security with business priorities
  • Foster a security-conscious culture through training and awareness initiatives

Administrative & Reporting Duties

  • Manage security budgets, vendor relationships, and project timelines in the CISO's absence
  • Serve as the primary escalation point for security-related inquiries and decision-making


Required Qualifications & Experience
Security Leadership

  • 5+ years of experience in information security, including at least 2 years in a leadership role (Director, Senior Manager, or CISO)
  • Proven ability to align security strategy with business objectives

Security Operations & Incident Response

  • Hands-on experience with CrowdStrike or similar endpoint security solutions
  • Demonstrated expertise in leading complex incident response efforts, including after-hours escalation

Compliance & Governance

  • Direct experience with SOC 2 compliance (additional experience with NIST and ISO 27001 is a plus)
  • Strong understanding of governance, risk, and compliance (GRC) principles

DevOps & Cloud Security

  • Familiarity with CI/CD pipelines, container security (Docker, Kubernetes), and cloud platforms (AWS, Azure, or GCP)
  • Ability to advise on secure software development and infrastructure as code best practices

Mergers & Acquisitions

  • Hands-on involvement in at least one M&A security integration or due diligence process
  • Experience dealing with complex environments resulting from multiple acquisitions

Company Scale & Consulting Experience

  • Experience in smaller organizations (<500 employees) with a hands-on, multi-functional approach
  • Exposure to enterprise-scale environments (5,000+ employees) to understand mature security processes
  • 3+ years of consulting experience, preferably with a major integrator or incident response firm

Education & Certifications

  • Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience)
  • Industry certifications such as CISSP, CISM, or GIAC strongly preferred