VP & Chief Information Security Officer

Key Responsibilities and Essential Job Functions Enterprise Security Strategy & Governance

Design and implement a scalable security strategy and governance model that aligns with business objectives, is adaptable, and anticipates the unique risks and requirements of hypergrowth.

Design and execute a forward‑looking cybersecurity strategy that supports innovation while maintaining customer trust and competitive differentiation, proactively positioning security as a competitive advantage that builds and sustains stakeholders’ trust at scale.

In partnership with the Compliance Team, maintain and enhance compliance posture across multiple frameworks including SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and CCPA 2.0.

Establish automated, risk‑based security governance frameworks and controls that scale effortlessly with the business, enabling decentralized and informed decision‑making.

Lead enterprise‑wide threat detection, vulnerability management (TVM), and incident response programs with measurable effectiveness metrics.

Instantiate security‑as‑code and automated frameworks for architecture, engineering, and operations to eliminate manual toil and support hypergrowth.

Improve an operationalized proactive cyber resilience program focused on minimizing business impact during and after a security event.

Lead the evolution of the SOC, leveraging automation and threat intelligence to achieve 24/7 coverage with maximum efficiency, and transition it towards a data‑driven security‑as‑a‑service model.

Define and track business‑oriented security metrics and key risk indicators (KRIs) that directly inform business leaders on risk exposure and the effectiveness of security investments.

Drive continuous improvement in mean time to detect (MTTD) and mean time to respond (MTTR).

Build a continuous compliance framework, using automation to maintain real‑time audit readiness and demonstrate control effectiveness with minimal friction for product and engineering teams.

Embed security and privacy by design into the product development lifecycle, enabling rapid innovation while meeting and exceeding customer expectations.

Lead enterprise risk assessment programs and maintain a comprehensive risk register with clear mitigation strategies.

Develop a risk quantification program to translate technical risks into business impacts and inform data‑driven investment decisions for the executive team and board.

Act as a strategic business partner to the CEO, C‑suite, and board, using deep business acumen to align security with Flexential’s growth objectives.

Equip the sales and customer success teams to confidently communicate our security story, turning our security posture into a key enabler for winning and retaining enterprise customers.

Scale security culture throughout the organization by empowering all teams to own their security, moving from a centralized security gatekeeper model to a decentralized security enablement model.

Represent Flexential externally with customers, prospects, regulators, auditors, and industry organizations as a cybersecurity thought leader.

Build strategic relationships with peer CISOs, industry groups, and security vendor partners.

Build and mentor a high‑performing security organization that is structured for scale, leveraging automation and delegation to maximize impact and embed security ownership across engineering and product teams.

Cultivate an innovative and collaborative security culture that empowers the business to move fast securely, positioning the security team as an accelerator, not a roadblock.

Create psychological safety that allows teams to learn from setbacks and continuously improve.

Establish clear goals, performance metrics, and accountability frameworks aligned with organizational objectives.

Implement structured career development paths and succession planning within the security organization.

Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field.

10+ years of progressive experience in…