Gofractional
We are seeking an experienced Fractional CISO to provide hands-on security leadership as we evolve our security function to support continued growth and European expansion. This is a permanent fractional engagement reporting directly to the CTO. You will own our information security strategy, maintain our ISO 27001 certification, build our security roadmap, and prepare the organisation for SOC 2 readiness in . This role requires someone who can operate both strategically and tactically - developing policy one day and reviewing cloud configurations the next. Key Responsibilities Strategy & Governance Develop and own the Information Security strategy aligned with ApprovalMax's business objectives and European expansion plans Maintain and continuously improve the Information Security Management System (ISMS) Create, review, and maintain core security policies, standards, and procedures Establish and chair a cross-functional Security Working Group (Engineering, Architecture, IT, HR) Build and present a multi-year security roadmap with clear milestones, resource requirements, and priorities Serve as the central authority on risk assessment, risk treatment, and risk acceptance decisions Assess and provide guidance on secure AI adoption across the organisation, including AI-powered product features and internal AI tooling Compliance & Certification Maintain ISO 27001 certification and prepare for the 2027 recertification audit Lead SOC 2 Type II readiness programme (target: ), including gap analysis and control mapping Ensure compliance with GDPR and data protection requirements across EU/UK/US/AU/NZ/CA/ZA jurisdictions Collaborate with external DPO support provider on privacy-related matters and customer security questionnaires as needed Cloud & Technical Security Provide security oversight across Azure, AWS, and Google Workspace environments Conduct access reviews and advise on identity and access management best practices Evaluate and guide implementation of security tooling (SIEM, vulnerability management, endpoint protection) Oversee VMware Workspace ONE MDM deployment and device security policies Advise engineering teams on secure SDLC practices, DevSecOps integration, and application security principles Operational Security Develop and maintain incident response plans and procedures Lead incident response tabletop exercises and post-incident reviews Provide guidance on business continuity and disaster recovery planning Advise on vendor security assessments and third-party risk management Awareness & Culture Design and deliver company-wide security awareness training programmes Mentor and upskill internal staff on security best practices Foster a security-first culture across all departments Act as a trusted advisor to leadership on emerging threats and security trends Stakeholder Engagement Report regularly to the CTO on security posture, risks, and programme progress Prepare board-level security presentations as required (infrequent) Support commercial teams by contributing to customer security discussions when escalated Qualifications 8+ years of progressive experience in information security, with at least 3 years in a CISO, Head of Security, or senior security leadership role Demonstrated experience in B2B SaaS environments, ideally in fintech, finance software, or similarly regulated industries Proven track record of achieving and maintaining ISO 27001 certification Experience preparing organisations for SOC 2 Type II certification Hands-on experience securing cloud environments (Azure and/or AWS required; GCP a plus) Experience with Google Workspace security configuration and administration Background working with distributed, remote-first engineering teams Technical Knowledge Strong understanding of cloud security architecture, identity management, and zero-trust principles Familiarity with secure software development lifecycle (SDLC) and DevSecOps practices Knowledge of MDM solutions (VMware Workspace ONE experience preferred) Understanding of API security and integration risk management Practical experience with security tooling: SIEM, vulnerability scanners, endpoint protection, etc. Awareness of AI/ML security risks, including secure AI adoption practices and emerging AI governance frameworks (desirable) Compliance & Regulatory Deep knowledge of ISO 27001:2022 requirements and audit processes Familiarity with SOC 2 Trust Service Criteria (Security, Availability, Confidentiality, Privacy) Understanding of GDPR, UK Data Protection Act, and international data transfer mechanisms Awareness of regional requirements across EU, UK, US, Australia, New Zealand, Canada, and South Africa Additional Information Growing international business with 10,000+ subscribers Regular performance-based compensation reviews 26 days paid time off 1 additional day off for your Birthday Remote office assistance Service years recognition financial reward
We are seeking an experienced Fractional CISO to provide hands-on security leadership as we evolve our security function to support continued growth and European expansion. This is a permanent fractional engagement reporting directly to the CTO. You will own our information security strategy, maintain our ISO 27001 certification, build our security roadmap, and prepare the organisation for SOC 2 readiness in . This role requires someone who can operate both strategically and tactically - developing policy one day and reviewing cloud configurations the next. Key Responsibilities Strategy & Governance Develop and own the Information Security strategy aligned with ApprovalMax's business objectives and European expansion plans Maintain and continuously improve the Information Security Management System (ISMS) Create, review, and maintain core security policies, standards, and procedures Establish and chair a cross-functional Security Working Group (Engineering, Architecture, IT, HR) Build and present a multi-year security roadmap with clear milestones, resource requirements, and priorities Serve as the central authority on risk assessment, risk treatment, and risk acceptance decisions Assess and provide guidance on secure AI adoption across the organisation, including AI-powered product features and internal AI tooling Compliance & Certification Maintain ISO 27001 certification and prepare for the 2027 recertification audit Lead SOC 2 Type II readiness programme (target: ), including gap analysis and control mapping Ensure compliance with GDPR and data protection requirements across EU/UK/US/AU/NZ/CA/ZA jurisdictions Collaborate with external DPO support provider on privacy-related matters and customer security questionnaires as needed Cloud & Technical Security Provide security oversight across Azure, AWS, and Google Workspace environments Conduct access reviews and advise on identity and access management best practices Evaluate and guide implementation of security tooling (SIEM, vulnerability management, endpoint protection) Oversee VMware Workspace ONE MDM deployment and device security policies Advise engineering teams on secure SDLC practices, DevSecOps integration, and application security principles Operational Security Develop and maintain incident response plans and procedures Lead incident response tabletop exercises and post-incident reviews Provide guidance on business continuity and disaster recovery planning Advise on vendor security assessments and third-party risk management Awareness & Culture Design and deliver company-wide security awareness training programmes Mentor and upskill internal staff on security best practices Foster a security-first culture across all departments Act as a trusted advisor to leadership on emerging threats and security trends Stakeholder Engagement Report regularly to the CTO on security posture, risks, and programme progress Prepare board-level security presentations as required (infrequent) Support commercial teams by contributing to customer security discussions when escalated Qualifications 8+ years of progressive experience in information security, with at least 3 years in a CISO, Head of Security, or senior security leadership role Demonstrated experience in B2B SaaS environments, ideally in fintech, finance software, or similarly regulated industries Proven track record of achieving and maintaining ISO 27001 certification Experience preparing organisations for SOC 2 Type II certification Hands-on experience securing cloud environments (Azure and/or AWS required; GCP a plus) Experience with Google Workspace security configuration and administration Background working with distributed, remote-first engineering teams Technical Knowledge Strong understanding of cloud security architecture, identity management, and zero-trust principles Familiarity with secure software development lifecycle (SDLC) and DevSecOps practices Knowledge of MDM solutions (VMware Workspace ONE experience preferred) Understanding of API security and integration risk management Practical experience with security tooling: SIEM, vulnerability scanners, endpoint protection, etc. Awareness of AI/ML security risks, including secure AI adoption practices and emerging AI governance frameworks (desirable) Compliance & Regulatory Deep knowledge of ISO 27001:2022 requirements and audit processes Familiarity with SOC 2 Trust Service Criteria (Security, Availability, Confidentiality, Privacy) Understanding of GDPR, UK Data Protection Act, and international data transfer mechanisms Awareness of regional requirements across EU, UK, US, Australia, New Zealand, Canada, and South Africa Additional Information Growing international business with 10,000+ subscribers Regular performance-based compensation reviews 26 days paid time off 1 additional day off for your Birthday Remote office assistance Service years recognition financial reward
Montrose Environmental Group
drives our approach to security and risk management. The CISO role is pivotal in safeguarding our business, our clients, and our mission, moving beyond compliance optics to build a resilient, risk-based security culture that enables growth and innovation.This is not a checkbox compliance role. This is enterprise security leadership with real-world impact: embedding security into every layer of our technology stack, business processes, and product delivery. If you're energized by building robust security programs, closing material risk gaps, and enabling modern engineering workflows, this role is built for you. The Role The Chief Information Security Officer (CISO) owns the strategy, architecture, and execution of Montrose's enterprise security program. The CISO leads a cross-functional security team (Governance, Risk & Compliance, Security Operations, Identity & Access Management) and partners with Legal, Infrastructure, Applications, and Product Engineering to deliver a comprehensive, scalable, and audit-ready security posture. Our mission is supported by our principles: We Value Our People, We Value Our Community, We Value Our Clients, We Value Our Shareholders. We differentiate ourselves with diverse talent. We care for the well-being and development of our people. So, we offer:Competitive compensation package: annual salary ranging from $275,000 - $300,000 USD; eligible for annual bonus of 30-40% Competitive medical, dental, and vision insurance coverage 401k with a competitive 4% employer match Key Responsibilities Qualifications 10+ years of experience leading enterprise security programs and teams (GRC, SecOps, IAM) with direct CIO reporting. Proven ability to operationalize policy lifecycle management, incident response, and audit readiness. Ability to communicate effectively with executives, technical teams, and business leaders. Experience preparing for or implementing SOC 2/ISO 27001 audits and CMMC enclaves. Why This Role Is Compelling Montrose's ability to win and If you want to drive meaningful change, influence business outcomes, and lead a security program that is respected as a business partner - not just a gatekeeper - this is the role.Montrose is a leading environmental solutions company focused on supporting commercial and government organizations as they deal with the challenges of today and prepare for what's coming tomorrow. With 3,400 employees across 100+ locations worldwide, Montrose combines deep local knowledge with an integrated approach to design, engineering, and operations, enabling Montrose to respond effectively and efficiently to the unique requirements of each project. From comprehensive air measurement and laboratory services to regulatory compliance, emergency response, permitting, engineering, and remediation, Montrose delivers innovative and practical solutions that keep its clients on top of their immediate needs - and well ahead of the strategic curve. For more information, visit We're blazing new trails. Forget everything you think you know about how environmental companies work. Montrose Environmental Group was designed from the ground up to deliver a better experience and better outcomes for both our clients and our employees.We're growing rapidly-with a purpose. We're bringing the best minds on board, and giving them the freedom to focus on what matters most: coming up with ingenious, effective ways to measure, assess, and address real-world situations. The kind that face industries of all kinds right now, and the kind that we want to be the first to see on the horizon.When we do that, we add value. We create opportunities for our clients and ourselves. We grow. We learn. We make a real difference in the world around us. You can help lead the way. Montrose is committed to being an inclusive workplace. Montrose is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability. You can read more about EEO or view the . If you'd like to view a copy of the company's affirmative action plan or policy statement, please email . If you have a disability and you believe you need a reasonable accommodation in order to search for a job opening or to submit an online application, please e-mail or call . This email and phone number are created exclusively to assist disabled job seekers whose disability prevents them from being able to apply online. Only messages left for this purpose will be returned. Messages left for other purposes, such as following up on an application or technical issues not related to a disability, will not receive a response.
drives our approach to security and risk management. The CISO role is pivotal in safeguarding our business, our clients, and our mission, moving beyond compliance optics to build a resilient, risk-based security culture that enables growth and innovation.This is not a checkbox compliance role. This is enterprise security leadership with real-world impact: embedding security into every layer of our technology stack, business processes, and product delivery. If you're energized by building robust security programs, closing material risk gaps, and enabling modern engineering workflows, this role is built for you. The Role The Chief Information Security Officer (CISO) owns the strategy, architecture, and execution of Montrose's enterprise security program. The CISO leads a cross-functional security team (Governance, Risk & Compliance, Security Operations, Identity & Access Management) and partners with Legal, Infrastructure, Applications, and Product Engineering to deliver a comprehensive, scalable, and audit-ready security posture. Our mission is supported by our principles: We Value Our People, We Value Our Community, We Value Our Clients, We Value Our Shareholders. We differentiate ourselves with diverse talent. We care for the well-being and development of our people. So, we offer:Competitive compensation package: annual salary ranging from $275,000 - $300,000 USD; eligible for annual bonus of 30-40% Competitive medical, dental, and vision insurance coverage 401k with a competitive 4% employer match Key Responsibilities Qualifications 10+ years of experience leading enterprise security programs and teams (GRC, SecOps, IAM) with direct CIO reporting. Proven ability to operationalize policy lifecycle management, incident response, and audit readiness. Ability to communicate effectively with executives, technical teams, and business leaders. Experience preparing for or implementing SOC 2/ISO 27001 audits and CMMC enclaves. Why This Role Is Compelling Montrose's ability to win and If you want to drive meaningful change, influence business outcomes, and lead a security program that is respected as a business partner - not just a gatekeeper - this is the role.Montrose is a leading environmental solutions company focused on supporting commercial and government organizations as they deal with the challenges of today and prepare for what's coming tomorrow. With 3,400 employees across 100+ locations worldwide, Montrose combines deep local knowledge with an integrated approach to design, engineering, and operations, enabling Montrose to respond effectively and efficiently to the unique requirements of each project. From comprehensive air measurement and laboratory services to regulatory compliance, emergency response, permitting, engineering, and remediation, Montrose delivers innovative and practical solutions that keep its clients on top of their immediate needs - and well ahead of the strategic curve. For more information, visit We're blazing new trails. Forget everything you think you know about how environmental companies work. Montrose Environmental Group was designed from the ground up to deliver a better experience and better outcomes for both our clients and our employees.We're growing rapidly-with a purpose. We're bringing the best minds on board, and giving them the freedom to focus on what matters most: coming up with ingenious, effective ways to measure, assess, and address real-world situations. The kind that face industries of all kinds right now, and the kind that we want to be the first to see on the horizon.When we do that, we add value. We create opportunities for our clients and ourselves. We grow. We learn. We make a real difference in the world around us. You can help lead the way. Montrose is committed to being an inclusive workplace. Montrose is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability. You can read more about EEO or view the . If you'd like to view a copy of the company's affirmative action plan or policy statement, please email . If you have a disability and you believe you need a reasonable accommodation in order to search for a job opening or to submit an online application, please e-mail or call . This email and phone number are created exclusively to assist disabled job seekers whose disability prevents them from being able to apply online. Only messages left for this purpose will be returned. Messages left for other purposes, such as following up on an application or technical issues not related to a disability, will not receive a response.