VP, Deputy Chief Information Security Officer (Remote)

Avenu Holdings LLC

$130K — $180K *
US-AnywhereRemote in Texas, US
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years in information security, with 4+ years managing security teams or functional leads.
  • Experience with at least one SOC 2 or SOC 1 audit and one PCI DSS assessment cycle as a control owner or program lead.
  • Strong preference for experience with FedRAMP or GovRAMP authorization processes.
  • Proficient in vulnerability management platforms and cloud security tools (e.g., Tenable).
  • Track record in standardizing security processes across multiple business units.

Responsibilities

  • Manage the four functional team leads in GRC, AppSec, Cloud/Vuln, and SecOps, ensuring accountability and delivery.
  • Run regular team operations, including performance management and planning sessions.
  • Establish shared operating models to enhance collaboration across the four functions.
  • Resolve tooling and process decisions among Avenu, ITI, and GovOS.
  • Standardize operations across legacy environments, prioritizing cohesive execution.
  • Lead and track operational roadmaps for compliance with SOC 1, SOC 2, and PCI DSS.
  • Manage vendor relationships and audit interactions for compliance assessments.

Benefits

  • Opportunity to lead a multi-faceted Information Security program across major business lines.
  • Experience managing complex compliance frameworks like SOC, PCI DSS, FedRAMP, and GovRAMP.
  • Collaboration with executive leadership and board-level reporting.
  • Potential to shape security tooling and processes across disparate environments.
  • Engage with external compliance advisory firms and audit organizations.
Full Job Description
Job Summary:

Neumo is building a unified Information Security program across five lines of business and three legacy environments - Avenu, ITI, and GovOS. The CISO sets strategy and owns the board and executive relationship; the VP, Deputy CISO owns execution. This is a distinct, operational mandate: you run the program day to day, lead the four functional teams, make the working-level calls on tooling and process, and are personally accountable for the roadmap that gets us to SOC 1, SOC 2, PCI DSS, FedRAMP High, and GovRAMP.

This role exists because compliance commitments at this scale don't run on strategy alone - they run on someone who manages the leads, resolves the conflicts, and keeps evidence collection, scans, and assessments on schedule across three environments that don't yet operate the same way.

Duties and Responsibilities:

Team Leadership
  • Directly manage the four functional leads - GRC, AppSec, Cloud/Vulnerability, and SecOps - setting priorities, removing blockers, and holding them accountable to delivery.
  • Run the operating cadence for the team: weekly leads sync, sprint/quarter planning, and performance management for direct reports.
  • Build a consistent operating model across the four functions so GRC, AppSec, Cloud/Vuln, and SecOps work from shared priorities rather than in silos.

Cross-Entity Execution
  • Resolve tooling and process decisions at the working level across Avenu, ITI, and GovOS
  • Own the standardization roadmap that brings three legacy environments onto common tooling, control sets, and operating procedures.
  • Act as the escalation point when legacy entities disagree on approach; make the call and move the work forward.

Compliance Program Operations
  • Own the operational roadmap behind SOC 1 and SOC 2: continuous evidence collection, control owners, and audit readiness ahead of annual audits.
  • Own PCI DSS operations: the annual assessment cycle plus quarterly scan cadence, remediation tracking, and scope management.
  • Drive the FedRAMP High authorization effort and the parallel GovRAMP pursuit - both multi-year, high-cost programs (FedRAMP High alone typically runs 12-24 months and $500K-$1M+) - translating authorization requirements into workstreams, milestones, and owners.
  • Maintain a single rolling roadmap across all frameworks so audit cycles, scan windows, and authorization milestones are sequenced, resourced, and visible - and don't collide.
  • Report program status, risks, and resourcing needs to the CISO with enough detail to support executive and board reporting.

Vendor & Audit Management
  • Serve as the day-to-day owner of external audit and assessment relationships (e.g., compliance advisory firms, QSAs, 3PAOs), keeping evidence requests, timelines, and findings moving.
  • Manage tooling vendors supporting GRC, vulnerability management, and security operations, including renewal and consolidation decisions across the three legacy stacks.


Education and Experience:
  • 10+ years in information security, with at least 4 years managing security teams or functional leads directly.
  • Direct experience operating through at least one SOC 2 or SOC 1 audit cycle and one PCI DSS assessment cycle as a control owner or program lead.
  • Experience with FedRAMP or GovRAMP authorization work - control implementation, SSP development, or 3PAO assessment support - strongly preferred.
  • Experience with vulnerability management platforms (e.g., Tenable) and WAF/cloud security tooling a plus


Knowledge, Skills and Abilities:
  • Track record of standardizing security tooling or process across multiple business units, products, or post-merger environments.
  • Comfortable making and owning tooling/process decisions without escalating every call upward - this role is judged on throughput, not just judgment.
  • Working knowledge of NIST CSF 2.0 and how it maps to GRC, AppSec, Cloud/Vuln, and SecOps functions.


Work Environment:
  • Office setting with a moderate noise level.
  • The employee will work at an individual workstation, using a telephone and computer.


Physical Demands:
  • Must be able to remain seated for extended periods.
  • Regular use of a computer and other office machinery, such as printers and copy machines.
  • Occasional movement around the office.
  • Frequent communication via telephone.


Similar Jobs

More Jobs at Avenu Holdings LLC

More Information Technology Jobs

Find similar VP, Deputy Chief Information Security Officer (Remote) jobs: