Chief Information Security Officer (CISO)
Job description
The CISO is a senior technology leader responsible for Illumia's enterprise-wide information security strategy, program, and culture. Reporting to the CTO, this role serves as the company's top security leader - translating cyber risk into business language, protecting customer and institutional data, enabling compliant product growth, and building a world-class security organization.
This is both a transformation and leadership role. The CISO will unify two legacy security programs (Transact and CBORD) into a single, cohesive operating model while maintaining continuous compliance and operational readiness. The ideal candidate thrives in complex, multi-product SaaS environments, understands how security is evolving in an AI-first world, and can operate confidently in the boardroom while remaining deeply trusted by engineering and product teams.
Security Program
Illumia follows NIST's cybersecurity framework and maintains a public Security and Trust Center (trustcenter.illumiatech.com). Current certifications and compliance posture include:
- SOC 2 Type I and Type II (including SOC 2+ HITRUST Type II for healthcare products)
- PCI DSS v4.0.1 across multiple product lines; listed on Visa's Global Registry of Service Providers
- TX-RAMP and GovRAMP authorizations
- HIPAA Security Compliance for healthcare products
The CISO will inherit this foundation and be expected to evaluate, evolve, and unify it into a single enterprise-class security operation.
- Define and evolve a multi-year enterprise security roadmap across all three business units, aligned to business objectives and risk appetite
- Serve as primary security advisor to the executive leadership team and primary security liaison to Roper Technologies
- Lead the unification of security programs, toolsets, and policies inherited from Transact and CBORD
- Lead Security Operations, GRC, Application Security, and Cloud Security functions
- Own SOC 2, PCI DSS, HITRUST, TX-RAMP, GovRAMP, FERPA, and HIPAA compliance programs
- Secure SaaS platforms and cloud environments through secure SDLC, vulnerability management, and penetration testing programs
- Partner with Engineering and Product to embed security by design without impeding delivery velocity
- Establish AI security governance to manage AI tool adoption and AI-specific risks across the organization
- Lead or manage security operations (SIEM, EDR, XDR, threat intelligence) through in-house, MSSP, or hybrid models
- Own the incident response program and business continuity / disaster recovery testing
- Oversee corporate IT security including endpoint protection, patch management, and identity hygiene
- Establish cross-business unit security governance to drive consistency while accommodating domain-specific requirements
- Recruit, develop, and retain a high-performing security team; manage external vendors, MSSPs, and auditors
- Maintain and evolve the public Security and Trust Center
Remote-friendly with regular travel expectations. Illumia's teams are distributed across Atlanta, GA; Phoenix, AZ; Ithaca, NY; and international offices in Australia, Ireland, and India. Quarterly on-site engagement, incident response availability, and participation in Roper Technologies events (including the annual Cyber Summit) are expected.
Requirements
- 12+ years in information security, with 4+ years as CISO, Deputy CISO, or VP of Security
- Proven leadership at a B2B SaaS or cloud-native company; experience scaling security through mergers, acquisitions, or platform consolidation
- Deep expertise in cloud security architecture (AWS, Azure, and/or GCP), secure SDLC, and modern threat detection and response
- Hands-on leadership of SOC 2 Type II and PCI DSS audits; PCI Level 1 experience strongly valued. HITRUST, GovRAMP, or TX-RAMP experience is a plus
- Experience with FERPA, HIPAA, or other education and healthcare regulatory frameworks
- Demonstrated ability to communicate security risk to non-technical executives, boards, and parent company leadership
- Track record building and scaling security teams, including organizational design and vendor management
- Experience in a portfolio company or PE-backed environment is a plus
Education and Certifications
- Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related field required; Master's or MBA preferred
- CISSP, CISM, CCSP, CISA, CRISC, or CCISO strongly preferred
Security Technology Experience
Experience with modern security platforms across cloud security (Wiz, Prisma Cloud, or equivalent), endpoint/XDR (CrowdStrike, SentinelOne, or equivalent), SIEM/SOAR, identity/IAM, application security (SAST/DAST), GRC automation, and patch management. Familiarity with AI security governance tools and Zero Trust architecture frameworks preferred.
We hire and develop people who are humble, hungry, and smart - and we hold our leaders to the highest standard across all three.
- Humble: They lack excessive ego or concerns about status
- Hungry: They are always looking for more - more things to do, more to learn, more responsibility to take on
- Smart: They have common sense about people, dealing with others in the most effective way, and picking up on the needs and feelings of others
Core Competencies
- Executive presence with the ability to build trust at the C-suite level, with parent company leadership, and across business units
- Strong business acumen - understands how security decisions impact revenue, customer trust, and institutional relationships
- Exceptional communication: able to explain complex security concepts in plain language to diverse audiences
- Collaborative leader who can influence without authority and build bridges across security, engineering, product, legal, and sales
- Resilient under pressure with sound judgment in high-stakes incident scenarios
- Comfortable operating in a post-merger environment where ambiguity is high and organizational norms are still being established
Benefits & conditions
Illumia offers a competitive executive compensation package including base salary, performance-based incentive, and comprehensive benefits. Compensation will be discussed in detail during the recruitment process and will reflect the scope of the role, individual qualifications, and market data.