Chief Information Security Officer (CISO)

The Role Optery is seeking a hands-on, entrepreneurial CISO to lead and extend our security program end-to-end. This is a hands-on builder role for someone who not only sets the strategy, but also executes the plan, manages controls, reviews data, and interacts directly with employees, customers and auditors. You will partner closely with company leadership to advance our security, privacy, compliance, and controls programs. Optery's security program is already well-established, having successfully completed its SOC 2 security audits every year since 2022 through to today. You will be responsible for policies, risk, security operations, third-party/vendor security, application/product security, incident response, and supporting customer/security questionnaires. You will also be the internal champion for securing the organization and its people, customers, systems, and processes. Key Responsibilities • Own Optery's information security strategy, roadmap, and policies, aligned to our industry-leading security and privacy products • Lead and extend Optery's security program mapped to common frameworks (SOC 2, ISO 27001, CIS, NIST), appropriate for a high-growth, remote-first company • Partner with engineering to embed secure SDLC practices: threat modeling, code scanning, secrets management, access controls, and secure cloud configuration • Design and run an incident response program, including playbooks for data handling, data broker interactions, ransomware/social engineering scenarios, and customer notifications • Oversee identity and access management across core systems (SaaS, cloud, data, admin apps) following least-privilege principles • Lead vendor and third-party security reviews, especially for data- or privacy-impacting services • Partner with GTM, finance, ops, and sales to complete security questionnaires, DPAs, and customer diligence to unblock deals • Work with product/legal to ensure our data flows and retention/erasure practices align with CCPA, GDPR, and other consumer privacy laws we help our customers exercise • Define, track, and report security KPIs/KRIs to leadership and the board • Train and evangelize security practices across a distributed team so security is part of onboarding and day-to-day work Qualifications • 8+ years in information security, with increasing ownership across GRC, security engineering, and/or product/app security • Experience building or maturing a security program at a SaaS, data, cybersecurity, or privacy-focused company • Practical experience with SOC 2 and/or ISO 27001 (authoring policies, gathering evidence, working with auditors, driving remediation) • Strong understanding of cloud security (preferably AWS): networking, IAM, secret management, logging/monitoring • Comfortable meeting with customers, prospects, and partners to explain Optery's security posture and win trust • Excellent written and verbal communication skills; able to write policies people can actually follow • Startup-friendly mindset: willing to prioritize, right-size controls, and make progress quickly Nice to have • Experience at a company that handles PII • Experience securing distributed/remote teams and mixed contractor/employee environments • Background in data protection technologies (DLP, EDR, MDM, SSO, CASB) and how to roll them out in stages • Experience supporting enterprise sales cycles by answering security questionnaires • Recognized thought leader in security, fluent public speaker, and active participant in public-facing security communities and conferences Location Optery is a fully remote global team. This role is based in the United States and requires working U.S. business hours (Eastern, Central, Mountain, or Pacific). Compensation and Benefits • Base Salary: $200,000 - $220,000 • Equity Grant • Health, dental, and vision insurance • 401(k) with employer match • Paid time off • Home office stipend Equal Opportunity Optery values diversity and is an equal opportunity employer. We do not discriminate on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, sexual orientation, marital status, disability, genetic information, age, parental status, military service, or any other non-merit factor.