Chief Information Security Officer

Cygnostic is seeking an experienced and visionary Chief Information Security Officer (CISO) to act as the vCISO of our clients. You will be responsible for developing and implementing a comprehensive security program that includes cyber risk assessment, mitigation, and response strategies.

In this role, you will work closely with executive leadership, R&D, and security teams to ensure that our customer's security posture is robust and resilient in the face of evolving threats. The ideal candidate will have a deep understanding of both the technical and strategic aspects of information security, with the ability to communicate effectively across all levels of the organization.

Key Responsibilities

• Leadership & Strategy:

• Develop, implement, and manage client’s information security strategy, aligning it with their business objectives.
• Lead the security team, fostering a culture of security awareness and best practices across the organization.
• Act as a key advisor to the executive team on all matters related to information security and risk management.

• Security Operations:

• Oversee all aspects of the company’s information security program, including cyber risk assessment, vulnerability management, and incident response.
• Ensure the protection of the client's cloud and application environments, implementing advanced security measures and technologies.
• Lead the identification, assessment, and prioritization of cybersecurity risks and the development of action plans to mitigate them.

• Compliance & Risk Management:

• Ensure compliance with relevant regulations, standards, and best practices, including NIST, ISO 27001 Family, GDPR, SOC2, CSA and others.
• Develop and maintain policies and procedures to protect sensitive information and ensure data privacy.
• Manage security audits and assessments, working with external auditors and regulatory bodies as needed.

• Collaboration & Communication:

• Work closely with R&D, DevOps, and IT teams to integrate security into the Software Development Lifecycle (SDLC) and cloud operations.
• Communicate the company’s security posture to stakeholders, including the board of directors, clients, and partners.
• Educate and train employees on security best practices and ensure a high level of security awareness across the organization.

• Incident Response:

• Lead the response to security incidents, managing cross-functional teams during incidents, and ensuring timely resolution and communication.
• Continuously improve incident response plans and protocols, leveraging lessons learned from past incidents.

Qualifications

• Proven experience in a senior information security leadership role, preferably as a CISO or equivalent for at least 3 years.
• Extensive knowledge of cybersecurity frameworks, risk management, and regulatory compliance.
• Experience with cloud security, especially in AWS and Azure, and a strong understanding of securing complex, distributed environments.
• Expertise in implementing and managing security technologies, including SIEM, IDS/IPS, firewalls, and endpoint protection.
• Strong understanding of Secure Development Lifecycle (SDLC) practices and DevSecOps principles.
• Excellent communication and leadership skills, with the ability to influence and drive change at all levels of the organization.
• Relevant certifications such as CISSP, CISM, CISA, or equivalent.
• A strategic thinker with a proactive approach to problem-solving and risk management.
• High level of integrity, professionalism, and a commitment to excellence.

Why Cygnostic?

• Join a forward-thinking MSSP at the forefront of cloud and application security.
• Collaborate with a dynamic team that values innovation, collaboration, and customer-centric solutions.
• Be part of an organization that prioritizes security, quality, and continuous improvement.

If you are a seasoned security leader ready to shape the future of cybersecurity at Cygnostic, we invite you to apply and join us in our mission to protect our clients and empower their success.