Find The RightJob.

Chief Information Security Officer

CHIEF INFORMATION SECURITY OFFICER

THE POSITION IN A NUTSHELL

Sciens is seeking a Chief Information Security Officer (CISO), who will be responsible for establishing and operating a right-sized, risk-based cybersecurity program that protects the company, supports growth initiatives, and aligns with value-creation objectives. This role balances hands-on execution with strategic oversight, ensuring security enables business performance and mergers & acquisitions (M&A) activity.

The key objectives of the role will be to:

Reduce cyber risk that could impact valuation
Establish repeatable, scalable security controls across the company
Support due diligence, integrations, and audits
Build a roadmap that will improve cyber maturity without enterprise-level cost or complexity
Provide clear, board-level visibility into risk posture

Deliver measurable reduction in critical vulnerabilities and incident risk
Perform successful audits and customer security assessments
Improve/reduce cyber insurance terms and premiums

WHAT YOU’LL BE DOING (and doing well!)

1. Security Strategy & Governance

Develop and maintain a pragmatic cybersecurity strategy and roadmap aligned to business objectives
Define security policies, standards, and procedures appropriate for a fast growing SMB environment
Establish cybersecurity governance, risk appetite, and reporting mechanisms
Present cyber risk updates to executive leadership and private equity (PE) stakeholders in plain business terms

2. Risk Management & Compliance

Identify, assess, and prioritize cyber risks using a risk-based approach
Oversee vulnerability management, penetration testing, and remediation efforts
Lead compliance initiatives, such as SOC 2, ISO 27001, NIST, CMMC, HIPAA, PCI-DSS
Ensure third-party and vendor risk management processes are in place

3. Incident Response & Resilience

Own the incident response plan, tabletop exercises, and breach readiness
Lead response to security incidents, ransomware events, or data breaches
Coordinate with legal, insurance, forensics, and external advisors as needed
Oversee backup, disaster recovery, and business continuity planning

4. Technology & Operations

Oversee core security tooling (IAM, endpoint security, SIEM/MDR, email security, cloud security)
Ensure secure configuration of cloud, SaaS, and on-prem environments
Partner closely with IT and operations teams to embed security into operations
Make cost-effective build vs. buy decisions

5. M&A Support

Support cybersecurity due diligence for acquisitions
Assess security posture of acquisition targets and provide risk summaries
Lead or advise on post-acquisition security integration and remediation
Align security maturity with PE exit strategy (strategic buyer or IPO readiness)

6. Culture & Awareness

Build a security-aware culture through training and phishing simulations
Act as a business-friendly security advisor
Educate leadership on cyber risk, insurance implications, and regulatory exposure

WHAT WE LIKE ABOUT YOU

Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
10+ years in information security, IT risk, or cybersecurity leadership
Experience in SMB, PE-backed, or high-growth environments
Strong working knowledge of:
- Cloud security (AWS, Azure, GCP, SaaS)
- Identity & access management
- Endpoint and network security
- Incident response and ransomware defense
- Proven ability to communicate cyber risk to non-technical executives and investors
Experience with at least one recognized security framework (NIST, ISO, CIS)

Excellent problem-solving and analytical skills.
Strong communication and interpersonal abilities.
Ability to manage multiple projects and meet deadlines in a fast-paced environment.

PREFERRED QUALIFICATIONS