Chief Information Security Officer (CISO)
Public Sector SaaS | GovTech
Our public-sector SaaS client is seeking an experienced Chief Information Security Officer (CISO) to lead enterprise-wide security, privacy, and risk management. This is a mission-critical leadership role supporting growth in state and local government (SLED) markets while enabling secure product innovation, AI adoption, and commercial scale.
The CISO will serve as the executive owner of cybersecurity risk, ensuring the company meets and exceeds the security, compliance, and regulatory expectations of a trusted GovTech SaaS provider. This leader will balance rigor with pragmatism, building a security-first culture that accelerates trust and growth without slowing the business.
What You’ll Do
Security Leadership & Strategy
- Define and execute a comprehensive, enterprise-grade security strategy aligned with business objectives and public-sector requirements
- Serve as the primary cybersecurity risk leader, reporting to the CEO, executive leadership team, and Board
- Build and scale high-performing Security, GRC, and Security Operations teams
- Position security as a business enabler that drives customer trust and enterprise deal velocity
Governance, Risk & Compliance (GRC)
- Own compliance across key frameworks including SOC 2 Type II, StateRAMP, NIST (800-53 / 800-171), CJIS (as applicable), ISO 27001, and state privacy laws
- Lead audits, continuous monitoring, remediation, and third-party risk management
- Partner closely with Legal on privacy, data governance, AI policy, and contractual obligations
Product, Engineering & Cloud Security
- Embed secure-by-design and privacy-by-design principles throughout the product lifecycle
- Establish and enforce a Secure Software Development Lifecycle (SSDLC) in partnership with Engineering
- Oversee application, infrastructure, and cloud security across AWS and Azure environments
- Own vulnerability management, penetration testing, and secure coding standards
Incident Response & Resilience
- Lead incident response, crisis management, and breach notification for public-sector customers
- Ensure disaster recovery and business continuity plans meet government SLAs
- Conduct regular incident simulations and post-incident reviews
AI Security & Responsible AI
- Partner with Product and AI leadership to secure and govern AI initiatives
- Establish controls addressing AI-specific risks such as data leakage, model misuse, and regulatory exposure
Customer Trust & Public-Sector Engagement
- Act as the senior security authority with customers, prospects, auditors, and partners
- Support Sales and Customer Success with RFPs, security reviews, and compliance documentation
- Engage directly with customer CISOs, CIOs, and IT leaders across state and local agencies
What Success Looks Like (12–18 Months)
- SOC 2 Type II completed with zero major findings
- Full alignment with CJIS and applicable SLED frameworks
- Significant reduction in vulnerabilities and faster incident response times
- SSDLC fully embedded across engineering teams
- High success rate in enterprise security reviews and reduced procurement friction
What We’re Looking For
Required
- 10+ years of progressive information security experience, including senior leadership roles
- Proven success securing SaaS platforms serving state and local government or highly regulated customers
- Deep expertise in SOC 2, NIST, CJIS, StateRAMP, and public-sector security requirements
- Strong background in cloud security, DevSecOps, and modern SaaS architectures
- Ability to clearly communicate risk to executives, boards, customers, and regulators
Preferred
- Prior CISO, VP of Security, or equivalent executive role
- Direct experience working with state, county, or municipal agencies
- Familiarity with justice or public safety systems
- Relevant certifications (CISSP, CISM, CRISC, CCSP)
- Experience in PE-backed or high-growth SaaS environments
