Source Job

United States Unlimited PTO

  • Partner with the CISO to drive security strategy, roadmap, and execution across application security, GRC, and operations.
  • Support compliance initiatives including PCI, SOC 2, ISO 27001, DORA, and FedRAMP readiness.
  • Serve as a trusted security leader in customer-facing settings, translating technical risks into business language.

Tags: Application Security, GRC, Cloud Security, IAM, Compliance Frameworks

20 jobs similar to Deputy Chief Information Security Officer


  • Owns product, cloud, engineering, vendor, AI-tooling, and compliance security functions.
  • Builds practical guardrails for AI tools, agents, MCPs, data leakage, and automation.
  • Understands OWASP, IAM, secrets management, cloud security, vulnerability management, CI/CD, incident response, and standards and regulations such as SOC 2, ISO 27001, GDPR, and HIPAA.

PlayPower Labs is a company focused on building practical security functions without slowing down teams. The organization values security sharpness, usefulness, and a product-minded approach, with a culture that balances protection and agility.

US Unlimited PTO

  • Serve as a senior security and compliance advisor for clients in finance, VC, PE, and biotech, translating complex requirements into practical action plans.
  • Lead consultative conversations on governance, risk, controls, AI adoption, and audit readiness, delivering clear executive-level recommendations.
  • Build and refine Outpost's service delivery playbooks, templates, and documentation to scale the offering and improve client experience.

Pliancy is fundamentally changing how businesses value technology, specializing in IT support for life sciences, capital management, and startups. With a people-first culture, the company prioritizes curiosity and empathy, investing in long-term employee success.

US

  • Design and implement comprehensive security architectures for network, application, data protection, and identity management.
  • Identify and assess security risks, developing mitigation strategies to reduce organizational risk.
  • Leverage automation across the technology stack to ensure best practices in Identity and Access Management.

HealthEdge provides software solutions for the healthcare industry. The company fosters a positive, fun, and collaborative work environment with an emphasis on mentoring and building influence.

US

  • Own and manage the compliance program including SOC 2 and ISO 27001 readiness and audits.
  • Lead risk assessments, control testing, and enterprise risk management processes.
  • Partner with Engineering, Security, Product, Legal, HR, and Operations to embed compliance into business processes.

Calendly is a scheduling platform used by millions to automate meetings and streamline time management. They are a rapidly growing SaaS company fostering a culture of learning and high performance.

Europe 5w PTO

  • Own and drive the compliance roadmap across multiple frameworks like ISO 27001, TISAX, SOC 2, and GDPR.
  • Implement ISO 27001 and adjacent frameworks end-to-end for customers, ensuring successful audits.
  • Mentor the compliance team, conduct internal audits, and act as the senior compliance voice for customers, auditors, and product.

Secfix automates security compliance for companies, helping them achieve ISO 27001, GDPR, TISAX, and SOC 2 quickly. They are a high-performing 100% remote team with hubs in Germany and the UK, backed by top VCs.

US

  • Manage security compliance programs against frameworks like PCI-DSS, NIST, and SOC 1/2, leveraging automation tools for continuous assessment.
  • Oversee identity and access management, including automated provisioning audits and anomaly detection.
  • Collaborate with engineering, DevOps, and product teams to integrate compliance into CI/CD and cloud infrastructure.

Prosper is a FinTech company focused on improving financial well-being. It is a growing company with a collaborative culture and offers resources for professional growth and holistic well-being.

Europe

  • Define and drive Morpho's security strategy across corporate, IT, cloud, application, supply chain, identity, incident response, threat intelligence, and counterparty security.
  • Build and lead the security function by hiring and developing a team while staying hands-on with threat modeling, architecture review, and incident response.
  • Represent Morpho's security posture externally to partners and institutions, and internally to leadership, partnering with engineering and integration teams.

Morpho is a leading Decentralized Finance (DeFi) lending protocol that raised funding from major investors to build an open credit network for borrowing and lending on-chain. With over $10 billion in deposits, Morpho is scaling its team to become the global open credit network, emphasizing a high-support, low-ego culture that navigates uncertainty in a nascent market.

United States

  • Lead the global cyber security strategy, governance, and operations to protect clients, systems, data, and brand reputation across all regions.
  • Define and execute the Information Security Management System (ISMS) aligned to ISO 27001, SOC 2, and TISAX, while managing enterprise risk and compliance.
  • Serve as the senior authority on cyber risk, advising the CTO, Board, and customers, and act as executive incident commander for major cyber events.

JD Power is a proven leader in business-critical data and intelligence, powering auto-related decisions with proprietary data, advanced analytics, and deep industry expertise. The company is a global corporation with a diverse workforce and a culture focused on innovation, collaboration, and trust.

US Unlimited PTO

  • Manage and support compliance certifications including SOC 2, HITRUST, and ISO 27001 audits across the audit lifecycle.
  • Serve as the subject matter expert across the company on compliance frameworks and primary point of contact for external auditors.
  • Maintain the risk register, drive risk identification and reporting, and scale GRC function with AI and automation.

Garner transforms the healthcare economy by partnering with employers to redesign healthcare benefits using data-driven insights. It is a fast-growing healthcare technology company with a mission-driven team focused on making healthcare more affordable and high-quality.

Unlimited PTO

  • Lead AppSec program assessments to evaluate current state and help clients prioritize remediation efforts based on risk, resources, and organizational readiness.
  • Design pragmatic security workflows, processes, and tooling integrations that engineering teams will actually adopt.
  • Deliver polished client work including clear assessments, actionable roadmaps, and executive communications that drive decision-making.

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. The company has grown to over 1,200 employees and serves as a trusted advisor to more than 6,200 customers.

US

  • Develop and maintain the enterprise IT GRC strategy, framework, and roadmap, presenting updates to executive leadership.
  • Lead enterprise IT risk assessments, maintain risk registers, and oversee remediation efforts.
  • Ensure compliance with regulations and frameworks such as NIST, ISO 27001, SOC, PCI-DSS, HIPAA, GDPR, and SOX.

Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, the company supports data centers, healthcare, and industrial facilities where uptime is non-negotiable.

GRC Manager

Runway
US

  • Design and implement a comprehensive GRC framework addressing both traditional security controls and novel AI safety considerations.
  • Lead engagements with external auditors to obtain critical security certifications like SOC 2, ISO 27001/27701/42001, and FedRAMP.
  • Partner with AI research teams to develop and implement appropriate safeguards and controls for machine learning systems.

Runway builds AI to simulate the world through merging art and science, focusing on world models for progress in artificial intelligence. Our team consists of creative, open-minded, caring, and ambitious people determined to change the world, striving to continuously build impossible things.

Global 18w maternity 16w paternity

  • Serve as a primary compliance resource embedded in the Alma-to-Spring Health integration, mapping control environments and building a unified compliance organization.
  • Own and lead enterprise-level compliance programs including SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX.
  • Develop and operationalize Spring Health's AI governance program, including policies, risk frameworks, and AI-specific compliance documentation.

Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. With outcomes independently validated by JAMA Network Open, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners.

US

  • Monitor security alerts, vulnerabilities, and incidents across enterprise systems and assist in incident response.
  • Maintain compliance with standards such as NIST CSF, ISO 27001, and SOC 2 through audits and policy development.
  • Conduct security risk assessments, evaluate controls, and track remediation plans.

Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, they support data centers, healthcare, and industrial facilities.

US

  • Maintain Risk Management Framework artifacts for DevSecOps pipeline inheritance of NIST SP 800-53 controls.
  • Complete and validate STIG/SRG checklists quarterly and provide monthly application STIG status reports.
  • Evaluate program risks, document mitigation strategies, and recommend courses of action to ensure continuous ATO compliance.

DecisionPoint is a company providing cloud services and DevSecOps solutions, supporting ARTRANS AWS environments. This is a regular full-time position in a culture focused on security and compliance; an active Secret clearance is required for the role.

US Unlimited PTO 24w maternity 24w paternity

  • Lead corporate IT and enterprise security operations, including system architecture and budget management.
  • Partner with DevOps to ensure security requirements extend to the product platform.
  • Manage external SOC providers and MDR platforms across the corporate fleet.

VIA is a digital infrastructure company that provides mission-critical organizations with speed and security, specializing in agentic AI, zero-trust identity, quantum-resistant data, and offline stablecoin payments. The company is fast-paced and technology-focused, with a flat, non-traditional hierarchy emphasizing continuous coaching and cross-functional collaboration.

US 4w PTO

  • Collaborate with cross-functional teams to apply cybersecurity best practices across systems, applications, and cloud environments.
  • Lead portions of cybersecurity assessments across the technology stack, identifying vulnerabilities and recommending remediation strategies.
  • Assist in shaping cybersecurity risk management activities, helping prioritize and guide security initiatives to protect critical assets.

Rise8 builds custom, secure software for government organizations, measuring success by impact: lives saved, time returned, and missions advanced. Certified as a Great Place to Work® with 100% of employees saying they love working here, Rise8 offers a culture rooted in kindness, candor, and continuous learning.

US

  • Design and implement secure, scalable Azure cloud architectures including landing zones, hybrid environments, and migration from legacy systems.
  • Embed Zero Trust and security-by-design principles using Azure-native tools like Defender for Cloud, Sentinel, and Entra ID.
  • Act as Agile Product Owner for Azure infrastructure and security services, managing backlogs and roadmaps while ensuring compliance with regulatory frameworks.

Jobgether is an AI-powered job matching platform that connects candidates with hiring companies. They use a technology-driven process to review applications and share top-fitting candidates directly with employers.

US Unlimited PTO

  • Lead the technical work to achieve and maintain compliance certifications (SOC 2, ISO 27001, and the upcoming FedRAMP process).
  • Design and implement security controls across AWS infrastructure, CI/CD pipelines, Kubernetes, and application deployments.
  • Build the automation, logging, and evidence collection required for continuous compliance.

Zafran's mission is to stop the exploitation of vulnerabilities everywhere, using an Exposure Graph that maps and neutralizes real attack paths. Backed by Menlo Ventures, Sequoia Capital, and Cyberstarts, they are one of the fastest-growing companies in cybersecurity, with a culture of meaningful work and challenging teammates.

US

  • Support the day-to-day security posture of systems across cloud and on-prem environments, including vulnerability management and remediation tracking.
  • Partner with infrastructure, platform, and engineering teams on secure configuration, access control, logging, and incident readiness.
  • Support compliance activities related to GovRAMP, FedRAMP, PCI DSS, and internal reviews using AWS security tooling.

Grant Street Group is a growing company that provides SaaS products for electronic payments, auctions, and tax collection. The company fosters a culture of teamwork, professional excellence, and individual responsibility in a technology-rich remote environment.