Lead Information Security Officer

About the Role
We are seeking an experienced Lead Information Security Officer who combines the technical depth of an application security engineer with the strategic oversight of a security leader. The primary focus of this role will be on application security and technical implementation, while the secondary focus will be on compliance management, process governance, and long-term security strategy.
This position is designed for a professional who is not only comfortable with leading at the executive level but is also willing and able to directly engage in the technical aspects of securing applications and infrastructure. The successful candidate will be expected to work closely with engineering and operations teams to implement effective security controls, while also providing guidance on compliance, secure development practices, and organizational security direction.

Primary Responsibilities (up to 70% of work activity)
● Drive application security initiatives, including threat modeling, code reviews, penetration testing, and remediation of identified vulnerabilities.
● Integrate and maintain security tools within CI/CD pipelines to ensure secure development and deployment processes.
● Actively manage and secure production environments, ensuring timely response to emerging threats and vulnerabilities.
● Develop, implement, and enforce secure SDLC processes across teams and projects.
● Collaborate with development teams to embed security within the software development lifecycle.

Secondary Responsibilities (up to 30% of work activity)
● Oversee compliance with industry standards, regulatory requirements, and internal policies.
● Define, refine, and execute the company’s overarching security strategy, ensuring alignment with business objectives and risk appetite.
● Act as a bridge between technical security operations and executive leadership, ensuring clear communication of risks, priorities, and progress.

Requirements
● Proven experience as an Application Security Engineer, Security Architect, or similar role, with exposure to executive-level decision-making.
● Demonstrated understanding of compliance frameworks (such as ISO 27001, SOC 2, GDPR, or similar).
● Hands-on experience with enterprise security technologies including Jamf, Palo Alto (PAB, GP), AWS, Azure, Okta, and Cloudflare.
● Strong knowledge of modern CI/CD practices and their secure implementation.
● Excellent analytical, communication, and leadership skills, with the ability to influence both technical teams and executive stakeholders.
 

Required languages

English C1 - Advanced
Published 30 September · Updated 8 November