BitSight Technologies

Chief Information Security Officer (CISO)

BitSight Technologies, $280K - $375K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years of cybersecurity or risk management experience.
  • 5+ years leading security organizations in SaaS or cloud environments.
  • Deep technical expertise in cloud-native security practices.
  • Experience with compliance frameworks like SOC 2, ISO 27001, and NIST.
  • Ability to be regularly present in Boston headquarters for collaboration.

Responsibilities

  • Oversee security across various systems and lead incident response efforts.
  • Ensure security programs address rapidly evolving threats, including AI-driven risks.
  • Drive secure architecture practices in collaboration with engineering teams.
  • Lead enterprise risk assessments and business continuity initiatives.
  • Serve as a security advisor during high-value customer discussions.
  • Partner with product teams to shape AI-powered cyber risk strategies.
  • Translate technical security concerns into business risk guidance for executives.

Benefits

  • Medical, dental, and vision insurance.
  • Paid parental leave and flexible time off.
  • 401(k) plan with employee and company contributions.
  • Life and disability insurance.
  • Tuition reimbursement options.
Full Job Description
Reports to: CFO, and serves as a key advisor to the CEO with regular engagement with Audit & Risk Committee, and Board of Directors on enterprise risk and cybersecurity posture.

Direct Partners: CTO, CPO, Head of Marketing, Head of People

The Objective

We are seeking a strategic, operationally rigorous, and commercially engaged CISO who views security not as a cost center, but as a product differentiator and a catalyst for global trust. You will protect our enterprise value by securing our global infrastructure, while simultaneously building enterprise value by acting as a peer-level advisor to our customers, influencing our product roadmap, and defining how AI transforms cyber risk management.

Role Overview

Bitsight is seeking a Chief Information Security Officer to lead and evolve our global security program. This role is both inward-facing and outward-facing, requiring a leader who can balance internal enterprise defense with external market influence.
  • Internal Defense & Cross-Functional Partnership: You will be responsible for protecting Bitsight's internal systems, infrastructure, employees, products, and data. You will partner closely with executive leadership, Product, Engineering, Legal, IT, GRC, People, and customer-facing teams to continuously strengthen our security posture.
  • Market Voice & Customer Trust: You will serve as a trusted security voice with customers, partners, analysts, media, and the broader cybersecurity community.
  • AI-Powered Risk Strategy: Combining deep technical and operational security expertise with strong business acumen and executive presence, you will play a critical role in shaping Bitsight's perspective on how organizations can understand, measure, and reduce cyber risk in an environment increasingly influenced by AI-driven threats.
Key Responsibilities

Security Operations, Risk Management & Resilience
  • Modern Defense: Oversee security across endpoints, IAM, cloud infrastructure (AWS/Azure), SaaS applications, and data protection programs. Lead incident response, threat detection, and vulnerability management.
  • AI-Native Security: Ensure our program keeps pace with a rapidly changing threat landscape, including AI-assisted phishing, GenAI attacks, and automated reconnaissance. Enable secure and responsible adoption of AI across the enterprise, balancing innovation velocity with appropriate governance, risk management, and protection of proprietary data assets. Define governance for secure enterprise AI adoption, including protecting proprietary datasets and responsible internal AI usage.
  • Secure-by-Design: Drive security architecture practices in close partnership with Engineering, Product, and Product Security teams.
  • Operational Resilience: Lead enterprise risk assessments, mitigation planning, third-party risk, and business continuity initiatives.

Product Influence & Customer Trust
  • Cross-Functional Execution: Partner closely with Engineering, Product, IT, Legal, GRC, People, Finance, and Go-To-Market teams to operationalize security initiatives across the business.
  • Strategic Customer Engagement: Serve as an executive security sponsor in high-value customer, prospect, partner, and renewal conversations. Support customer trust initiatives, security reviews, audits, and executive briefings.
  • Product & Research Alignment: Partner with Product and Research teams to inform Bitsight's strategy around AI-powered cyber risk, emerging threat behaviors, and how customers can better understand and manage exposure in a changing threat environment.

Security Governance & Executive Leadership
  • Executive Advisory: Translate complex technical telemetry and AI-driven threats into clear business risk, options, and actionable guidance for the CEO, CFO, and Board.
  • Program Maturity: Establish security KPIs, metrics, and reporting frameworks to measure program effectiveness, operational maturity, and business impact.
  • Compliance & Governance: Partner closely with Legal, Privacy, and GRC to ensure rigorous adherence to SOC 2, ISO 27001, NIST, privacy obligations, and emerging global AI regulations.

Industry Leadership & External Engagement
  • Market Voice & Ambassadorship: Serve as one of the public faces of Bitsight's security and AI strategy, representing the company with customers, analysts, industry groups, regulators, and media.
  • Industry Dialogue: Influence market understanding of how organizations can defend against AI-powered risks through better measurement, governance, prioritization, and continuous risk visibility.
  • Ecosystem Relationships & Thought Leadership: Build strategic relationships with fellow security leaders, analysts, regulators, and partners across the cybersecurity ecosystem.

What We're Looking For
  • Extensive Security Leadership: 10+ years of experience in cybersecurity, information security, or risk management, including 5+ years leading enterprise, corporate, or product-adjacent security organizations in high-growth SaaS, cloud, technology, or cybersecurity companies.
  • Program Scaling & Maturation: Proven experience building, scaling, and maturing modern security programs across cloud-native, data-rich, and globally distributed environments.
  • Technical & Threat Leadership: A deep, hands-on background in modern cloud-native security, including IAM, incident response, DLP, and vulnerability management, combined with an expert-level understanding of the evolving threat landscape, specifically AI-enabled risks such as GenAI attacks and automated reconnaissance. You bring this technical rigor together with the strategic pragmatism required to balance strict security priorities against operational realities, customer needs, and business growth.
  • Compliance & Governance: Strong, practical experience with compliance and governance frameworks, including SOC 2, ISO 27001, NIST, and related standards.
  • Boston Presence: Ability to be in our Boston headquarters regularly to collaborate with the executive team and lead the local security culture.

Leadership Characteristics
  • Leadership, Culture & Presence: An exceptional communicator with sound judgment and the ability to serve as a steady hand during crises, combined with a deep commitment to mentorship, cross-functional collaboration, and driving a robust security culture at scale.
  • Risk Translation & Strategic Focus: The ability to translate complex technical risks, including AI-driven threats, into clear business impact, options, tradeoffs, and actionable guidance. Contributes credibly to product, market, and thought leadership discussions without losing focus on day-to-day operational security execution.
  • Market Instincts & Intellectual Curiosity: A student of how LLMs and automation are changing the adversary's playbook. Leverages this curiosity alongside strong customer-facing instincts to build trust with sophisticated security, risk, and executive buyers.
The anticipated hiring base salary range for this position is US $280,000 to $375,000 annually for US-based employees. This range reflects the minimum and maximum target for new hire salaries for the position across all US locations, is based on a full-time work schedule, and is Bitsight's good faith estimate as of the date of this posting. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. In addition to base salary, this role is eligible for participation in a bonus or commission plan and an equity grant. Bitsight also offers a competitive benefits package, including but not limited to medical, dental, and vision insurance; paid parental leave; flexible time off; a 401(k) plan with employee and company contribution opportunities; life and disability insurance; and tuition reimbursement.

About BitSight Technologies

BitSight Technologies is a cybersecurity ratings company that provides cybersecurity risk management solutions to organizations. The company's platform uses a data-driven approach to assess the security posture of organizations and their vendors. BitSight's platform is used by companies to manage third-party risk, benchmark performance against industry peers, and improve their overall cybersecurity posture. The company was founded in 2011 and is headquartered in Boston, Massachusetts.
Size: 500 employees
Founded: 2011
