Chief Information Security Officer - Southern NH - Hybrid

  • Category
    IT
  • Location
    Nashua, New Hampshire
  • Type
    Direct hire
We are looking to expand our executive leadership team by adding a dedicated Chief Information Security Officer (CISO).

This is a hybrid position, with 3 days per week in our Nashua, NH headquarters. 

Overview:

As a critical member of our leadership team, you will be responsible for protecting our digital assets and data confidentiality, ensuring compliance with cybersecurity regulations, and building a robust security infrastructure to prevent potential threats. The ideal candidate is an experienced cybersecurity leader with a strong background in information security, risk management, and a proven ability to lead cybersecurity teams.

We are targeting a strategic cybersecurity professional and a visionary seeking a challenging role where s/he can become a key player in protecting our organization's future.

Objectives:

  • Leading the development and implementation of our information security strategy.
  • Overseeing the protection of company data, intellectual property, and technology assets from cyber threats.
  • Developing and enforcing security policies, procedures, and protocols that align with business goals and regulatory requirements.
  • Identifying and mitigating security risks, ensuring the organisation remains resilient against emerging threats.
  • Ensuring the company’s compliance with industry standards and regulations.
  • Managing security audits, compliance assessments, incident response processes, and investigating security breaches.
  • Collaborating with cross-functional teams to integrate security measures into the company’s IT and business operations.

Responsibilities:

  • Enterprise Security Leadership: Own the overall security strategy for internal systems, networks, and data assets across the enterprise.

  • MSP & Hosting Security: Design and enforce robust security controls for Managed IT and hosting services, ensuring compliance with industry and national standards and requirements.

  • SaaS & Product Security: Support application and public cloud stack security for internal solutions, embedding “security by design,” and supporting DevSecOps cultural transformation.

  • Cloud Security Architecture: Ensure secure architecture around integration between public cloud, private cloud, and IT systems.

  • Champion and govern identity and access management (IAM), encryption standards, zero-trust frameworks, and secure DevOps practices.

  • Lead efforts to harden APIs, integrations, and third-party connectors through audits and testing of internal technology systems.

  • Customer & Industry Engagement: Act as the company’s external security authority, engaging with customers, partners, and industry groups to represent the company as a thought leader in cybersecurity for accounting professionals.

  • Partner with Sales and Customer Success to reassure large enterprises and key customers about data protection and continuity of service. Be a strong voice at the table on our behalf with our customers. Lead and listen, bringing industry perspective and expertise to the table.

  • Partner with product engineering, infrastructure, and operations teams to integrate security practices into development pipelines. Identify areas of opportunity for our organization to improve.

  • Governance, Risk & Compliance (GRC): Establish and lead the company’s GRC programs, policies, and risk management frameworks. Ensure adherence to applicable regulations and certifications.

  • Security Incident Response & Resilience: Build and maintain robust security incident detection, response, and recovery plans; lead post-mortem analyses and continuous improvement initiatives.

  • Security Operations & Monitoring: Oversee 24/7 security operations, including threat intelligence, vulnerability management, and monitoring of cloud and MSP environments.

  • Lead Operations of Security Products and Systems: Oversee implementation of customer-facing security solutions, including endpoint management and office management.

  • Team Leadership: Build and mentor a high-performing security team, developing leadership capacity and instilling a culture of proactive risk management. Engage as a senior leader in our organization, mentoring engineering and infrastructure leaders, and contributing to enterprise architecture strategy.

  • Develop, implement, and maintain a comprehensive security program that includes cyber defence, data protection, and security operations.
  • Conduct risk assessments, identify vulnerabilities, and prioritise remediation efforts to reduce risk exposure.
  • Oversee security incident detection, response, and recovery, ensuring swift mitigation of potential breaches.
  • Manage the security architecture, tools, and technologies deployed across the organisation’s IT infrastructure.
  • Coordinate with legal, compliance, and regulatory teams to ensure compliance with data protection laws, such as GDPR and HIPAA.
  • Monitor security metrics and report on the organisation’s security posture to executive leadership.
  • Lead security awareness training programs for employees to promote a culture of cybersecurity across the organisation.
  • Stay updated on cybersecurity trends, technologies, and best practices to enhance security measures proactively.

Required skills and qualifications

  • Bachelor’s degree in Information Security, Computer Science, or a related field.
  • 10+ years of demonstrable experience as a Chief Information Security Officer or in a similar senior-level cybersecurity role.
  • Extensive knowledge of information security principles, cybersecurity frameworks (e.g., NIST, ISO 27001), and risk management practices.
  • Working knowledge of security auditing, vulnerability assessments, and risk mitigation.
  • Experience with security technologies such as firewalls, intrusion detection systems, SIEMs, and encryption protocols.
  • Solid knowledge of data privacy regulations and compliance requirements.
  • Ability to develop and implement complex security strategies.
  • Strong leadership and communication skills, with the ability to influence decision-making at the executive level.
  • Strong analytical and problem-solving skills with a keen eye for identifying potential risks and vulnerabilities.
  • Ability to manage a team of security professionals and work cross-functionally with IT, legal, and compliance teams.

Preferred skills and qualifications

  • Master’s degree in Cybersecurity, IT, or related fields.
  • Relevant certifications in cybersecurity, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).
  • Experience with cloud security and securing cloud infrastructure.
  • Familiarity with incident management and disaster recovery planning.
  • Knowledge of ethical hacking and penetration testing techniques.
  • Background in regulatory compliance and data privacy laws in the industry.
  • Hands-on experience with SIEM tools, firewalls, and intrusion detection systems.
  • Expertise in secure software development and DevSecOps practices.
  • Understanding of artificial intelligence and machine learning applications in security.