Chief Information Security Officer (CISO) (includes ISSO responsibilities)

Job

911inform, LLC

Wall Township, NJ (In Person)

Full-Time

Posted 5 days ago (Updated 3 days ago) • Actively hiring

Expires 7/21/2026

Job Description

Chief Information Security Officer (CISO) (includes ISSO responsibilities)
Location: Wall Township, NJ (Hybrid)
Reports to: CEO (dotted line to CFO for risk)
Clearance: U.S. Person required; Public Trust eligible

About the Role

911inform is hiring a Chief Information Security Officer (CISO) to lead our security, compliance, and risk program across our FedRAMP Moderate, SOC 2, and ISO 27001 environments. This is a player-coach role: the CISO sets strategy and personally owns ISSO-level execution until the program scales. You will be the executive accountable for the security of a SaaS platform protecting public-safety customers, with direct ownership of FedRAMP ConMon, board-level risk reporting, and the security roadmap.

Strategic / Executive Responsibilities

Security Strategy & Roadmap — Define and execute the multi-year security strategy aligned to 911inform's FedRAMP Moderate authorization, customer commitments, and growth plans.
Executive & Board Reporting — Present security posture, risk register, and incident metrics to the CEO, CFO, and board; own cyber insurance renewal (currently trending to $10M+).
Risk Management — Own the enterprise risk register; ensure critical and accepted risks route to the CFO per internal policy.
Regulatory & Customer Assurance — Serve as the executive face of security for federal, state, and enterprise customers; lead responses to RFP security questionnaires and customer audits.
Program Leadership — Build and mentor the security function (starting with the ISSO role embedded in this position); set hiring plan as the program matures.
Incident Command — Serve as Incident Commander for Sev-1/Sev-2 security incidents; own external notifications, legal coordination, and post-incident reporting.
Vendor & M&A Diligence — Lead security diligence on strategic vendors, partners, and any acquisition/integration activity.
Budget Ownership — Own the security budget, tooling rationalization, and ROI justification.

ISSO / Hands-On Responsibilities (performed directly until backfilled)

Maintain the FedRAMP Moderate SSP, appendices, and supporting artifacts.
Run monthly ConMon: Tenable scans, POA&M updates, inventory, and significant change requests.
Drive POA&M remediation within FedRAMP timelines and document deviations.
Lead SOC 2 Type II and ISO 27001 audit cycles end-to-end, including evidence packaging.
Conduct or oversee quarterly access reviews across AWS GovCloud/Commercial, M365 GCC, MongoDB Atlas for Government, CrowdStrike, Tenable, Action1, Jira, and other in-boundary systems.
Maintain and exercise the Incident Response Plan; run annual tabletop exercises and document evidence.
Own third-party risk management: vendor onboarding, DPA/SLA review, risk register, and CFO routing for critical risks.
Author and maintain core security policies: Access Control, Privileged Access, Data Management, IR, Secure SDLC, Third-Party Management.
Oversee endpoint and vulnerability platforms (CrowdStrike, Tenable, Action1) — including coverage validation and agent troubleshooting escalations.
Approve and document annual penetration testing scope and remediation.

Required Qualifications

10+ years in information security, with 3+ years in a leadership role (CISO, Deputy CISO, Director of Security, or equivalent).
Demonstrated experience taking a SaaS product through FedRAMP Moderate (authorization or ConMon).
Deep working knowledge of NIST 800-53 Rev. 5, FedRAMP, SOC 2 Type II, ISO 27001, and CJIS (preferred for public safety).
Hands-on competence with AWS GovCloud + Commercial, Microsoft 365 GCC, and modern security tooling (EDR, SIEM, VM, GRC).
Proven ability to operate as a player-coach — comfortable writing an SSP narrative one hour and presenting to the board the next.
Excellent executive communication; able to translate technical risk into business language.

Preferred Qualifications

CISSP, CISM, or CCISO; additional certs (CCSP, CISA, CRISC) a plus.
Prior experience as an ISSO, ISSM, or FedRAMP program lead.
Experience with MongoDB Atlas for Government, CrowdStrike NGSIEM, Tenable, Action1, and Vanta.
Background in 9-1-1, public safety, telecom, or critical infrastructure SaaS.
Experience scaling a security team from 1 → 5+ FTEs.

Success in the First 12 Months

90 days: Full ownership of SSP, ConMon cadence, and POA&M; clean audit evidence pipeline.
6 months: SOC 2 Type II and ISO 27001 cycles delivered without material findings; cyber insurance renewed.
12 months: Security roadmap approved by exec team; ISSO backfill hired; measurable reduction in critical POA&M aging.

Benefits:
Health insurance
Paid time off

Work Location: In person