CISO

ASG Technologies

πŸ“Remote - Worldwide

Summary

Join Alpine Software Group as their Chief Information Security Officer (CISO)! In this key leadership role, you will develop and lead cybersecurity strategies across a diverse portfolio of companies. You will mentor OpCo leaders, drive security best practices, and ensure compliance with relevant regulations. Responsibilities include risk management, security assessments, incident response, and vendor management. Success requires extensive experience in information security, strong leadership skills, and expertise in various compliance frameworks. You will be a strategic thinker, balancing long-term goals with short-term needs, and possess exceptional communication skills to interact with both technical and non-technical stakeholders.

Requirements

  • Proven Leadership & Influence: You have 10+ years of experience in information security, with a strong background in influencing and leading security initiatives across multiple teams, organizations, or business units. You excel at working through influence rather than direct authority
  • Strategic and Tactical Security Expertise: You bring deep expertise in cybersecurity strategy, risk management, compliance, and incident response. You can balance long-term strategic goals with short-term operational needs
  • Experience with a Diverse Portfolio: You have experience managing or advising across a portfolio of companies, preferably within a private equity or multi-entity organization structure, and understand the complexities and nuances of driving security across a wide range of industries and cultures
  • Strong Knowledge of Compliance & Regulatory Frameworks: You are well-versed in major cybersecurity standards and regulations (SOC 2, PCI DSS, HIPAA, GDPR, CCPA, etc.), and have experience guiding organizations through compliance initiatives and audits
  • Technical and Practical Security Skills: You have a solid understanding of application security, secure coding practices, penetration testing, and vulnerability management and can lead vendors and OpCos in driving vulnerabilities to resolution
  • Cloud Security Expertise: You understand cloud vulnerabilities and have experience in leading resources working on cloud security and governance for a range of cloud platforms
  • Exceptional Communication Skills: You have excellent written and verbal communication skills, and you can effectively communicate complex security concepts to both technical and non-technical stakeholders, including executive leadership, investors, and boards of directors. You are able to make a team of executives across our portfolio feel like your Team One, yet are also able to shift gears and work with technical resources
  • Security Certifications: You hold relevant certifications, such as CISSP, CISM, CISA, OSCP, or equivalent, and you are committed to continuous learning and professional development
  • Problem Solver: You thrive in a fast-paced, dynamic environment, and are known for your ability to analyze complex security challenges and implement practical, effective solutions

Responsibilities

  • Develop and Lead Cybersecurity Strategy: Work with executive leadership and portfolio companies to create a cybersecurity vision, strategy, and roadmap that protects OpCo value effectively
  • Security Program Oversight and Mentorship: Serve as a trusted advisor to OpCo leaders, helping to develop and refine their security strategies. Provide recommendations for enhancing security posture through process, technology, and policy improvements
  • Drive Security Best Practices: Promote shift-left security practices across all OpCos, including secure coding, on-prem and cloud infrastructure security, and incident response protocols through awareness training, partnerships, and direct support
  • Compliance Initiatives: Lead the coordination and implementation of compliance initiatives (e.g., SOC 2, PCI-DSS, HIPAA, GDPR) across the portfolio. Assist OpCos with preparing for audits and ensuring ongoing compliance with relevant regulations and standards. Support OpCos in third-party assessment engagements and follow-up remediation
  • Risk Management & Security Assessments: Lead security risk assessments across the OpCos. Help identify vulnerabilities, prioritize risks, and design action plans for mitigating security gaps. Encourage OpCos to adopt a consistent risk management framework
  • Application Security & Penetration Testing: Coordinate regular application security testing (AppSec) and penetration testing across all OpCos, ensuring secure coding practices and continuous improvement in the security of web, mobile, and API applications. Provide or contract qualified assistance in remediating critical application security vulnerabilities
  • Incident Response & Crisis Management: Provide leadership and support during security incidents across the OpCos, ensuring effective coordination, root cause analysis, and remediation. Support and improve upon our portfolio-wide incident response process
  • Security Awareness & Training: Champion security awareness across the portfolio by facilitating regular training programs and resources on security best practices, regulatory requirements, and emerging threats
  • Security Vendor Management: Oversee relationships with security vendors, ensuring that each OpCo receives the appropriate tools and services to maintain a secure environment. Assist with the evaluation and selection of security solutions across the portfolio
  • Cloud Security Governance: Provide strategic guidance on cloud security best practices, governance, and risk management to OpCo teams managing cloud environments (AWS, Azure, GCP)
  • Executive Reporting & Communication: Regularly report to HoldCo leadership on the security posture across the portfolio. Provide clear, actionable insights for executives and boards, including status on compliance initiatives, risk assessments, and security upgrades
  • Drive Growth Through Security: Be passionate and creative about helping the OpCos leverage security to support business growth. Ensure security processes do not hinder innovation and are supportive of transformational technology
