Chief Information Security Officer

Why Montrose 

Montrose is on a mission to protect the planet and public health using science, data, and technology at scale. Our commitment to environmental intelligence, regulatory insight, and advanced digital platforms drives our approach to security and risk management. The CISO role is pivotal in safeguarding our business, our clients, and our mission, moving beyond compliance optics to build a resilient, risk-based security culture that enables growth and innovation. 

This is not a checkbox compliance role. This is enterprise security leadership with real-world impact: embedding security into every layer of our technology stack, business processes, and product delivery. If you’re energized by building robust security programs, closing material risk gaps, and enabling modern engineering workflows, this role is built for you. 

The Role 
The Chief Information Security Officer (CISO) owns the strategy, architecture, and execution of Montrose’s enterprise security program. The CISO leads a cross-functional security team (Governance, Risk & Compliance, Security Operations, Identity & Access Management) and partners with Legal, Infrastructure, Applications, and Product Engineering to deliver a comprehensive, scalable, and audit-ready security posture. 

You will define how security is designed, governed, and operationalized, driving clarity where there is complexity and accountability where there is fragmentation. You’ll be bold about policy lifecycle management, asset visibility, and risk prioritization, while preparing the organization for the next generation of compliance, monitoring, and secure product delivery. 

What We Can Offer You 

Our mission is supported by our principles: We Value Our People, We Value Our Community, We Value Our Clients, We Value Our Shareholders. We differentiate ourselves with diverse talent.  We care for the well-being and development of our people.  So, we offer: 

• Regular interaction and partnership with the executive team and senior leaders across Montrose 

• Competitive compensation package: annual salary ranging from $275,000 - $300,000 USD; eligible for annual bonus of 30-40% 

• Competitive medical, dental, and vision insurance coverage 

• 401k with a competitive 4% employer match 

• Progressive vacation policies and company holidays to ensure work/life balance 

• A financial assistance program to help support peers in need known as the Montrose Foundation 

• Access to attractive student loan rates to optimize your student loan payoff plans 

Key Responsibilities 

• Enterprise Security Strategy & Architecture: Own the end-to-end vision and roadmap for Montrose’s enterprise security program; define reference architectures and governance principles aligned to NIST 800-171, ISO 27001, NIST CSF, CIS Controls. 

• Risk Management & Compliance: Build and maintain a CMMC L2 compliant enclave; align governance and controls to regulatory frameworks; lead incident readiness and response. 

• Security Operations & Architecture: Establish a complete asset inventory and validate tool coverage; segment and secure lab networks; partner with CTO and engineering teams to enable secure, modern software development. 

• Policies, Training & Culture: Publish clear policies and governance procedures; ensure annual reviews and training; govern guest/external data sharing in M365. 

• Team & Leadership: Lead and grow a high-performing security organization spanning GRC, SecOps, and IAM; serve as a trusted partner to executives. 

What Success Looks Like (9-12 Months) 

• A clearly defined, well-governed enterprise security architecture is in place. 

• Asset inventory and tool coverage are complete and validated; continuous monitoring is operational. 

• CMMC readiness achieved; SOC 2/ISO 27001 certification plan is underway. 

• Security policies are published, enforced, and aligned to best practices. 

• Security is embedded in engineering workflows and product delivery. 

Qualifications 

• 10+ years of experience leading enterprise security programs and teams (GRC, SecOps, IAM) with direct CIO reporting. 

• Demonstrated success aligning programs to NIST 800-171, ISO 27001, NIST CSF, CIS Controls, and achieving compliance. 

• Proven ability to operationalize policy lifecycle management, incident response, and audit readiness. 

• Track record partnering with Legal, Infrastructure, Applications, and engineering teams to reconcile control rigor with delivery needs. 

• Ability to communicate effectively with executives, technical teams, and business leaders. 

• You respectfully challenge your peers, and welcome the opportunity when others challenge you. 

• You are flexible, resilient, and curious. 

Preferred 

• Industry certifications (e.g., CISSP, CISM). 

• Experience preparing for or implementing SOC 2/ISO 27001 audits and CMMC enclaves. 

• Background in regulated, data-intensive, or multi-line-of-business environments. 

Why This Role Is Compelling 

As CISO at Montrose, you will own and shape the entire security program - transforming it from a reactive, compliance-driven function into a proactive, business-enabling force. You’ll have the mandate and executive support to build a modern, risk-based security culture that not only protects the organization but also empowers innovation and growth. 

Your leadership will directly impact Montrose’s ability to win and retain business, meet evolving regulatory demands, and deliver on our mission to protect the planet and public health. By partnering across IT, Legal, Product, and Operations, you’ll ensure that security is a strategic enabler, removing friction, building trust with clients, and supporting the rapid adoption of new technologies. 

If you want to drive meaningful change, influence business outcomes, and lead a security program that is respected as a business partner - not just a gatekeeper - this is the role. 

Make The Right Move To Accelerate Your Career 

Montrose is a leading environmental solutions company focused on supporting commercial and government organizations as they deal with the challenges of today and prepare for what's coming tomorrow. With ~3,400 employees across 100+ locations worldwide, Montrose combines deep local knowledge with an integrated approach to design, engineering, and operations, enabling Montrose to respond effectively and efficiently to the unique requirements of each project. From comprehensive air measurement and laboratory services to regulatory compliance, emergency response, permitting, engineering, and remediation, Montrose delivers innovative and practical solutions that keep its clients on top of their immediate needs – and well ahead of the strategic curve. For more information, visit www.montrose-env.com.  

We are going to be blunt – the way we work may not suit everyone. Montrose is a fast-paced, dynamic and high-growth company. You are your own boss, but you will get ample guidance and support from talented, engaged, super-smart colleagues from Montrose and its service providers. Therefore, if freedom, autonomy, and head-scratching professional challenges attract you, we could be the perfect match. 

Want to know more about Montrose? Visit montrose-env.com and have fun! 

Montrose is an Equal Opportunity Employer. Montrose is committed to providing access and reasonable accommodation in its employment for individuals with disabilities.