Optery is seeking a hands-on, entrepreneurial CISO to lead and extend our security program end-to-end. This is a hands-on builder role for someone who not only sets the strategy, but also executes the plan, manages controls, reviews data, and interacts directly with employees, customers and auditors. You will partner closely with company leadership to advance our security, privacy, compliance, and controls programs.
Optery’s security program is already well-established, having successfully completed its SOC 2 security audits every year since 2022 through to today.
You will be responsible for policies, risk, security operations, third-party/vendor security, application/product security, incident response, and supporting customer/security questionnaires. You will also be the internal champion for securing the organization and its people, customers, systems, and processes.
Own Optery’s information security strategy, roadmap, and policies, aligned to our industry-leading security and privacy products
Lead and extend Optery’s security program mapped to common frameworks (SOC 2, ISO 27001, CIS, NIST), appropriate for a high-growth, remote-first company
Partner with engineering to embed secure SDLC practices: threat modeling, code scanning, secrets management, access controls, and secure cloud configuration
Design and run an incident response program, including playbooks for data handling, data broker interactions, ransomware/social engineering scenarios, and customer notifications
Oversee identity and access management across core systems (SaaS, cloud, data, admin apps) following least-privilege principles
Lead vendor and third-party security reviews, especially for data- or privacy-impacting services
Partner with GTM, finance, ops, and sales to complete security questionnaires, DPAs, and customer diligence to unblock deals
Work with product/legal to ensure our data flows and retention/erasure practices align with CCPA, GDPR, and other consumer privacy laws we help our customers exercise
Define, track, and report security KPIs/KRIs to leadership and the board
Train and evangelize security practices across a distributed team so security is part of onboarding and day-to-day work
8+ years in information security, with increasing ownership across GRC, security engineering, and/or product/app security
Experience building or maturing a security program at a SaaS, data, cybersecurity, or privacy-focused company
Practical experience with SOC 2 and/or ISO 27001 (authoring policies, gathering evidence, working with auditors, driving remediation)
Strong understanding of cloud security (preferably AWS): networking, IAM, secret management, logging/monitoring
Comfortable meeting with customers, prospects, and partners to explain Optery’s security posture and win trust
Excellent written and verbal communication skills; able to write policies people can actually follow
Startup-friendly mindset: willing to prioritize, right-size controls, and make progress quickly
Experience at a company that handles PII
Experience securing distributed/remote teams and mixed contractor/employee environments
Background in data protection technologies (DLP, EDR, MDM, SSO, CASB) and how to roll them out in stages
Experience supporting enterprise sales cycles by answering security questionnaires
Recognized thought leader in security, fluent public speaker, and active participant in public-facing security communities and conferences
Optery is a fully remote global team. This role is based in the United States and requires working U.S. business hours (Eastern, Central, Mountain, or Pacific).
Base Salary: $200,000 - $220,000
Competitive Equity
Health, dental, and vision insurance
401(k) with employer match
Paid time off
Home office stipend
Optery values diversity and is an equal opportunity employer. We do not discriminate on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, sexual orientation, marital status, disability, genetic information, age, parental status, military service, or any other non-merit factor.
Loading similar jobs...
Discover fully remote job opportunities in the United States at USA Remote Jobs. Apply for roles like Software Developer, Customer Service Specialist, Project Manager, and more!