Chief Information Security Officer (CISO) (Remote - US)

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Chief Information Security Officer (CISO) in United States.

This role offers a strategic and hands-on leadership opportunity to guide the organization’s information security, compliance, and risk management programs. The CISO will ensure that security practices align with business objectives, regulatory requirements, and emerging threats. You will collaborate closely with executive leadership, engineering teams, and project managers to integrate security into operations and product delivery. This position combines technical expertise, strategic vision, and strong relationship-building to maintain a secure, compliant, and resilient organization. The CISO will also serve as a trusted advisor, influencing security policies and shaping a culture of risk awareness across the company.

Accountabilities:

• Lead the design, implementation, and operation of information security and compliance programs.
• Maintain and enhance compliance with regulatory frameworks such as NIST 800-171, CMMC Level 2, and HIPAA.
• Represent the organization in security audits, risk assessments, and communications with external assessors.
• Partner with executive leadership to maintain security clearance requirements and operational integrity.
• Administer and enforce identity and access management (IAM), role-based access control (RBAC), and cloud security policies across platforms like AWS, Azure, and GCP.
• Conduct risk assessments, report findings, and recommend mitigation strategies to leadership.
• Develop and maintain internal security policies, ensuring they are practical, actionable, and understood across the organization.
• Deliver security awareness training and collaborate on integrating security into project planning and client-facing operations.

• Active security clearance or eligibility to obtain one.
• Hands-on experience with IAM, RBAC, and security operations in cloud environments (AWS, Azure, GCP).
• Proven success leading security audits, compliance assessments, and organizational risk management initiatives.
• Ability to interpret regulations and translate them into technical and business requirements.
• Deep understanding of NIST 800-171 compliance requirements and frameworks.
• Strong communication and documentation skills, capable of explaining complex security concepts in plain language.
• Experience mitigating organizational vulnerabilities and embedding security into software development lifecycles.
• Proven ability to foster collaboration across technical and non-technical teams in a professional services environment.
• Passion for public service and improving outcomes through secure and compliant technology.

Nice-to-have qualifications:

• Experience with CMMC, HIPAA, or FISMA frameworks.
• Hands-on administration of Google Workspace and infrastructure-as-code.
• Professional development experience in programming languages.
• Prior civic tech or remote-team experience.