Chief Information Security Officer
Imprivata · Waltham, MA · 1 wk ago
HybridInformation TechnologyFull-time
Duties And Responsibilities
- Collaborate with executive leadership to define and execute a comprehensive information security strategy aligned with business objectives.
- Establish and maintain an enterprise-wide information security program, including governance, risk management, compliance, and incident response.
- Lead the development and enforcement of security policies, standards, and procedures across the organization.
- Assess and continuously improve the organization’s security posture, including application security, cloud security, infrastructure security, and endpoint protection.
- Define and monitor key risk indicators (KRIs) and key performance indicators (KPIs) to measure security effectiveness and maturity.
- Collaborate with product and IT leadership to ensure that secure design principles are embedded in product development and IT systems.
- Lead threat detection, incident response, and recovery efforts, including coordination with internal teams and external partners.
- Drive a culture of security awareness through training and education programs across the organization.
- Partner with legal, compliance, and audit teams to ensure adherence to regulatory requirements (e.g., SOC 2, HIPAA, GDPR, ISO 27001).
- Manage third-party risk programs, including vendor security assessments and ongoing monitoring.
- Work with product and non-product functions to ensure their use of AI aligns with proper security threat and risk protocols.
- Provide regular updates to executive leadership and the Board on security risks, incidents, and program maturity.
- Build, lead, and develop a high-performing information security team.
- Manage the information security budget and prioritize investments based on risk and business impact.
- Stay current with emerging threats, technologies, and industry best practices to continuously evolve the security program.
- Collaborate with product and engineering teams to ensure secure software development lifecycle (SDLC) practices.
Required Qualifications
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field; Master’s degree preferred.
- 12+ years of experience in information security, with at least 5+ years in a senior leadership role.
- Proven experience building and leading enterprise security programs in a SaaS or enterprise software environment.
- Deep knowledge of security frameworks and standards (e.g., NIST, ISO 27001, SOC 2, CIS).
- Strong understanding of cloud security (AWS, Azure, or GCP), application security, and modern security architectures.
- Experience with risk management, compliance, and regulatory requirements relevant to enterprise software companies.
- Experience with AI in corporate environments, including individual usage, the securitization of agents, and AI as a security threat from the outside.
- Demonstrated ability to communicate complex security topics to executive leadership and non-technical stakeholders.
- Strong leadership, team-building, and organizational skills.
- Proven track record of incident response leadership and crisis management.
- Relevant certifications such as CISSP, CISM, CISA, or equivalent strongly preferred.
- Strong business acumen, particularly in aligning security investments with financial and operational priorities.