Deputy Chief Information Security Officer
Sardine · United States · 3 wk ago
RemoteRemoteInformation TechnologyFull-time
About the role
Sardine is hiring a Deputy Chief Information Security Officer to partner closely with our CISO and help scale our security program as we grow. This is a senior, high-impact role for a security leader who can operate across multiple areas, including application security, GRC, security operations, cloud and SaaS security, corporate IT, customer trust, and overall security strategy.
Responsibilities
- Partner with the CISO on Sardine’s overall security strategy, roadmap, priorities, and execution
- Help identify, prioritize, and address the highest-risk areas across the business
- Support security reporting, executive updates, budgeting, vendor evaluation, and planning
- Partner on key compliance initiatives, including PCI, SOC 2, ISO 27001, DORA, and future FedRAMP readiness
- Support incident response and act as a deputy incident lead when needed
- Work closely with Engineering on application security, secure SDLC, vulnerability management, threat modeling, and remediation
- Assess and improve security across cloud infrastructure, SaaS tools, IAM, endpoint management, and corporate IT systems
- Bring strong AppSec fluency, including understanding how code moves from design through production, CI/CD, testing, SAST/DAST, dependency scanning, and secrets management
- Partner with Product and Engineering on security considerations for AI/ML systems, bot mitigation, and abuse prevention
- Support customer-facing security conversations, RFPs, due diligence, security reviews, and executive briefings
- Help build trust with enterprise customers by translating technical security concepts into clear business language
- Champion a pragmatic security culture that enables the business while managing risk
Qualifications
- 10–15+ years of cybersecurity experience, including 3+ years in a senior leadership or director-level role
- Broad security background across multiple domains, not a single-specialty profile
- Strong application security experience and ability to assess technical risk without needing to be hands-on coding daily
- Experience operating in a startup, scale-up, or similarly resource-constrained environment where prioritization and pragmatism are critical
- Strong working knowledge of compliance frameworks such as SOC 2, PCI DSS, ISO 27001, GDPR, CCPA, DORA, and ideally FedRAMP
- Experience participating in or leading security incidents
- Strong cloud, SaaS security, IAM, endpoint security, and zero-trust fundamentals
- Familiarity with AI-assisted workflows and emerging AI/ML security risks
- Customer-facing communication skills, with the ability to support sales, security reviews, and executive-level customer conversations
- A collaborative, business-enabling approach to security — someone who helps teams find safe paths forward rather than defaulting to “no”
- Strong leadership presence and ability to build trust with security, engineering, executive, and go-to-market teams