Job Description
Company: 911inform, LLC
Chief Information Security Officer (CISO) (includes ISSO responsibilities)
Location: Wall Township, NJ (Hybrid) | Reports to: CEO (dotted line to CFO for risk) | Clearance: U.S. Person required; Public Trust eligible
About the Role
911inform is hiring a Chief Information Security Officer (CISO) to lead our security, compliance, and risk program across our FedRAMP Moderate, SOC 2, and ISO 27001 environments. This is a player-coach role: the CISO sets strategy and personally owns ISSO-level execution until the program scales. You will be the executive accountable for the security of a SaaS platform protecting public-safety customers, with direct ownership of FedRAMP ConMon, board-level risk reporting, and the security roadmap.
Strategic / Executive Responsibilities
Security Strategy & Roadmap — Define and execute the multi-year security strategy aligned to 911inform’s FedRAMP Moderate authorization, customer commitments, and growth plans.
Executive & Board Reporting — Present security posture, risk register, and incident metrics to the CEO, CFO, and board; own cyber insurance renewal (currently trending to $10M+).
Risk Management — Own the enterprise risk register; ensure critical and accepted risks route to the CFO per internal policy.
Regulatory & Customer Assurance — Serve as the executive face of security for federal, state, and enterprise customers; lead responses to RFP security questionnaires and customer audits.
Program Leadership — Build and mentor the security function (starting with the ISSO role embedded in this position); set hiring plan as the program matures.
Incident Command — Serve as Incident Commander for Sev-1/Sev-2 security incidents; own external notifications, legal coordination, and post-incident reporting.
Vendor & M&A Diligence — Lead security diligence on strategic vendors, partners, and any acquisition/integration activity.
Budget Ownership — Own the security budget, tooling rationalization, and ROI justification.
ISSO / Hands-On Responsibilities (performed directly until backfilled)
Maintain the FedRAMP Moderate SSP, appendices, and supporting artifacts.
Run monthly ConMon: Tenable scans, POA&M updates, inventory, and significant change requests.
Drive POA&M remediation within FedRAMP timelines and document deviations.
Lead SOC 2 Type II and ISO 27001 audit cycles end-to-end, including evidence packaging.
Conduct or oversee quarterly access reviews across AWS GovCloud/Commercial, M365 GCC, MongoDB Atlas for Government, CrowdStrike, Tenable, Action1, Jira, and other in-boundary systems.
Maintain and exercise the Incident Response Plan; run annual tabletop exercises and document evidence.
Own third-party risk management: vendor onboarding, DPA/SLA review, risk register, and CFO routing for critical risks.
Author and maintain core security policies: Access Control, Privileged Access, Data Management, IR, Secure SDLC, Third-Party Management.
Oversee endpoint and vulnerability platforms (CrowdStrike, Tenable, Action1) — including coverage validation and agent troubleshooting escalations.
Approve and document annual penetration testing scope and remediation.
Required Qualifications
10+ years in information security, with 3+ years in a leadership role (CISO, Deputy CISO, Director of Security, or equivalent).
Demonstrated experience taking a SaaS product through FedRAMP Moderate (authorization or ConMon).
Deep working knowledge of NIST 800-53 Rev. 5, FedRAMP, SOC 2 Type II, ISO 27001, and CJIS (preferred for public safety).
Hands-on competence with AWS GovCloud + Commercial, Microsoft 365 GCC, and modern security tooling (EDR, SIEM, VM, GRC).
Proven ability to operate as a player-coach — comfortable writing an SSP narrative one hour and presenting to the board the next.
Excellent executive communication; able to translate technical risk into business language.
Preferred Qualifications
CISSP, CISM, or CCISO; additional certs (CCSP, CISA, CRISC) a plus.
Prior experience as an ISSO, ISSM, or FedRAMP program lead.
Experience with MongoDB Atlas for Government, CrowdStrike NGSIEM, Tenable, Action1, and Vanta.
Background in 9-1-1, public safety, telecom, or critical infrastructure SaaS.
Experience scaling a security team from 1 → 5+ FTEs.
Success in the First 12 Months
90 days: Full ownership of SSP, ConMon cadence, and POA&M; clean audit evidence pipeline.
6 months: SOC 2 Type II and ISO 27001 cycles delivered without material findings; cyber insurance renewed.
12 months: Security roadmap approved by exec team; ISSO backfill hired; measurable reduction in critical POA&M aging.
Benefits:
• Health insurance
• Paid time off
Work Location: In person
Source: Indeed