Chief Information Security Officer (CISO) (includes ISSO responsibilities)

June 19, 2026

Job Description

Company: 911inform, LLC

Location: Wall Township, NJ (Hybrid) | Reports to: CEO (dotted line to CFO for risk) | Clearance: U.S. Person required; Public Trust eligible

About the Role

911inform is hiring a Chief Information Security Officer (CISO) to lead our security, compliance, and risk program across our FedRAMP Moderate, SOC 2, and ISO 27001 environments. This is a player-coach role: the CISO sets strategy and personally owns ISSO-level execution until the program scales. You will be the executive accountable for the security of a SaaS platform protecting public-safety customers, with direct ownership of FedRAMP ConMon, board-level risk reporting, and the security roadmap.

Strategic / Executive Responsibilities

Security Strategy & Roadmap — Define and execute the multi-year security strategy aligned to 911inform’s FedRAMP Moderate authorization, customer commitments, and growth plans.

Executive & Board Reporting — Present security posture, risk register, and incident metrics to the CEO, CFO, and board; own cyber insurance renewal (currently trending to $10M+).

Risk Management — Own the enterprise risk register; ensure critical and accepted risks route to the CFO per internal policy.

Regulatory & Customer Assurance — Serve as the executive face of security for federal, state, and enterprise customers; lead responses to RFP security questionnaires and customer audits.

Program Leadership — Build and mentor the security function (starting with the ISSO role embedded in this position); set hiring plan as the program matures.

Incident Command — Serve as Incident Commander for Sev-1/Sev-2 security incidents; own external notifications, legal coordination, and post-incident reporting.

Vendor & M&A Diligence — Lead security diligence on strategic vendors, partners, and any acquisition/integration activity.

Budget Ownership — Own the security budget, tooling rationalization, and ROI justification.

ISSO / Hands-On Responsibilities (performed directly until backfilled)

Maintain the FedRAMP Moderate SSP, appendices, and supporting artifacts.

Run monthly ConMon: Tenable scans, POA&M updates, inventory, and significant change requests.

Drive POA&M remediation within FedRAMP timelines and document deviations.

Lead SOC 2 Type II and ISO 27001 audit cycles end-to-end, including evidence packaging.

Conduct or oversee quarterly access reviews across AWS GovCloud/Commercial, M365 GCC, MongoDB Atlas for Government, CrowdStrike, Tenable, Action1, Jira, and other in-boundary systems.

Maintain and exercise the Incident Response Plan; run annual tabletop exercises and document evidence.

Own third-party risk management: vendor onboarding, DPA/SLA review, risk register, and CFO routing for critical risks.

Author and maintain core security policies: Access Control, Privileged Access, Data Management, IR, Secure SDLC, Third-Party Management.

Oversee endpoint and vulnerability platforms (CrowdStrike, Tenable, Action1) — including coverage validation and agent troubleshooting escalations.

Approve and document annual penetration testing scope and remediation.

Required Qualifications

10+ years in information security, with 3+ years in a leadership role (CISO, Deputy CISO, Director of Security, or equivalent).

Demonstrated experience taking a SaaS product through FedRAMP Moderate (authorization or ConMon).

Deep working knowledge of NIST 800-53 Rev. 5, FedRAMP, SOC 2 Type II, ISO 27001, and CJIS (preferred for public safety).

Hands-on competence with AWS GovCloud + Commercial, Microsoft 365 GCC, and modern security tooling (EDR, SIEM, VM, GRC).

Proven ability to operate as a player-coach — comfortable writing an SSP narrative one hour and presenting to the board the next.

Excellent executive communication; able to translate technical risk into business language.

Preferred Qualifications

CISSP, CISM, or CCISO; additional certs (CCSP, CISA, CRISC) a plus.

Prior experience as an ISSO, ISSM, or FedRAMP program lead.

Experience with MongoDB Atlas for Government, CrowdStrike NGSIEM, Tenable, Action1, and Vanta.

Background in 9-1-1, public safety, telecom, or critical infrastructure SaaS.

Experience scaling a security team from 1 → 5+ FTEs.

Success in the First 12 Months

90 days: Full ownership of SSP, ConMon cadence, and POA&M; clean audit evidence pipeline.

6 months: SOC 2 Type II and ISO 27001 cycles delivered without material findings; cyber insurance renewed.

12 months: Security roadmap approved by exec team; ISSO backfill hired; measurable reduction in critical POA&M aging.

Benefits:

• Health insurance

• Paid time off

Work Location: In person

Source: Indeed