Title: Chief Information Security Officer
Location: United States; Remote, EST
Experience: Executive
Job Function: Executive
Employment Type: Full-time
Industry: Computer and Network Security
About the position The Chief Information Security Officer (CISO) is responsible for defining and executing Keyfactor's enterprise-wide security strategy to safeguard customer data, product integrity, and corporate assets,. This role provides strategic leadership in building and maintaining a robust internal security posture, encompassing governance, risk management, compliance, and secure operations, while also serving as the external face of security to customers, partners, and regulators. The CISO ensures that Keyfactor's security practices inspire confidence, support business growth, and maintain industry-leading standards in digital trust and identity management.
Applicants must be legally authorized to work in the United States.ResponsibilitiesStrategic Leadership- Develop and implement a comprehensive enterprise security strategy that protects internal systems, operations, and corporate assets while reinforcing customer trust externally.
- Serve as the executive authority on information security, risk management, and security compliance, ensuring alignment with corporate objectives and regulatory requirements.
- Collaborate with product, engineering, and business teams to embed security design principles and practices across all Keyfactor offerings.
- Represent Keyfactor externally to customers, partners, industry forums, and regulators to strengthen trust, demonstrate compliance, and communicate security commitments.
Security Operations and Governance- Lead enterprise security operations, including threat detection, incident response, vulnerability management, and proactive risk mitigation.
- Maintain and continuously improve the Information Security Management System (ISMS), driving adherence to ISO 27001, SOC 2, FedRAMP, and emerging standards such as ISO 42001 for AI.
- Define and enforce security policies, procedures, and standards that ensure both internal resilience and external assurance for clients and partners.
Risk Management and Compliance- Conduct enterprise-wide risk assessments, audits, and reviews to identify, quantify, and mitigate security threats internally and across customer-facing services.
- Partner with Compliance and Legal teams to maintain adherence to global data protection, privacy, and regulatory standards (e.g., GDPR, CCPA, FedRAMP, AI).
- Act as the executive sponsor for security certifications, audits, and customer assurance initiatives that validate Keyfactor's external trust posture.
- Provide Keyfactor senior leadership periodic assessments on current and emerging threats and the organizations posture to remediate those threats.
- Ensure that Keyfactor's corporate security training and awareness program is optimized to engage employees and improve security culture.
Product Security and Customer Assurance- Collaborate with product and engineering teams to integrate security into the full product lifecycle, including design, development, deployment, and maintenance.
- Champion secure software development practices, cryptographic innovation, and identity management solutions that protect customer data and enhance trust.
- Serve as the point of contact for customers and partners regarding security concerns, audits, and assurance programs, strengthening Keyfactor's reputation as a trusted provider.
Leadership and Team Development- Build, lead, and mentor a high-performing global security organization focused on both internal protection and external assurance.
- Establish clear objectives, performance metrics, and professional development pathways for security, risk, and compliance teams.
- Foster a culture of proactive risk management, operational excellence, and cross-functional collaboration.
Minimum Qualifications, Education, and Skills- Extensive experience (approximately 15+ years) in information security, including senior leadership or CISO-level roles.
- Deep expertise in cryptography, PKI, identity management, cloud security, and enterprise security architecture.
- Demonstrated experience leading enterprise security strategy in SaaS or cloud-native organizations.
- Strong knowledge of regulatory and compliance frameworks, including ISO 27001, SOC 2, FedRAMP, GDPR, and emerging AI governance standards.
- Proven ability to communicate complex security concepts to executives, boards, customers, and regulators.
- Exceptional leadership, collaboration, and strategic planning skills.
Travel Requirements- Up to 40% travel required.
Compensation Salary will be commensurate with experience.
Culture, Career Opportunities and Benefits We build teams that continually strive to get better than the day before. You will be challenged daily and given opportunities to grow personally and professionally. We balance autonomy and structure to create an entrepreneurial environment to spur creativity and new ideas.
Here are just some of the initiatives that make our culture special:
- Second Fridays (a company-wide day off on the second Friday of every month minus November and December due to the Holiday schedule). Please note that this benefit is subject to change.
- Comprehensive benefit coverage globally.
- Generous paid parental leave globally.
- Competitive time off globally.
- Dedicated employee-focused ambassadors via Key Contributors & Culture Committees.
- DIVERSE Commitment, a call to action for a more inclusive and diverse future in business, society, and technology.
- The Keyfactor Alliance Program to support DEIB efforts.
- Wellbeing resources, wellness allowance, mindfulness app free membership, Wellness Wednesdays.
- Global Volunteer Day, company non-profit matching, and 3 volunteer days off.
- Monthly Talent development and Cross Functional meetings to support professional development.
- Regular All Hands meetings - followed by group gatherings.
