Chief Information Security Officer (CISO)

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss.
Built on over a decade of technological innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.

• We invented the cyber ratings industry in 2011
• Over 3000 customers trust Bitsight
• Over 750 teammates are dispersed throughout Boston, Raleigh, New York, Lisbon, Singapore, and remote

Reports to: CFO, and serves as a key advisor to the CEO with regular engagement with Audit & Risk Committee, and Board of Directors on enterprise risk and cybersecurity posture.

Direct Partners: CTO, CPO, Head of Marketing, Head of People

We are seeking a strategic, operationally rigorous, and commercially engaged CISO who views security not as a cost center, but as a product differentiator and a catalyst for global trust. You will protect our enterprise value by securing our global infrastructure, while simultaneously building enterprise value by acting as a peer-level advisor to our customers, influencing our product roadmap, and defining how AI transforms cyber risk management.

Bitsight is seeking a Chief Information Security Officer to lead and evolve our global security program. This role is both inward-facing and outward-facing, requiring a leader who can balance internal enterprise defense with external market influence.

• Internal Defense & Cross-Functional Partnership: You will be responsible for protecting Bitsight's internal systems, infrastructure, employees, products, and data. You will partner closely with executive leadership, Product, Engineering, Legal, IT, GRC, People, and customer-facing teams to continuously strengthen our security posture.

• Market Voice & Customer Trust: You will serve as a trusted security voice with customers, partners, analysts, media, and the broader cybersecurity community.

• AI-Powered Risk Strategy: Combining deep technical and operational security expertise with strong business acumen and executive presence, you will play a critical role in shaping Bitsight's perspective on how organizations can understand, measure, and reduce cyber risk in an environment increasingly influenced by AI-driven threats.

• Modern Defense: Oversee security across endpoints, IAM, cloud infrastructure (AWS/Azure), SaaS applications, and data protection programs. Lead incident response, threat detection, and vulnerability management.

• AI-Native Security: Ensure our program keeps pace with a rapidly changing threat landscape, including AI-assisted phishing, GenAI attacks, and automated reconnaissance. Enable secure and responsible adoption of AI across the enterprise, balancing innovation velocity with appropriate governance, risk management, and protection of proprietary data assets. Define governance for secure enterprise AI adoption, including protecting proprietary datasets and responsible internal AI usage.

• Secure-by-Design: Drive security architecture practices in close partnership with Engineering, Product, and Product Security teams.

• Operational Resilience: Lead enterprise risk assessments, mitigation planning, third-party risk, and business continuity initiatives.

• Cross-Functional Execution: Partner closely with Engineering, Product, IT, Legal, GRC, People, Finance, and Go-To-Market teams to operationalize security initiatives across the business.

• Strategic Customer Engagement: Serve as an executive security sponsor in high-value customer, prospect, partner, and renewal conversations. Support customer trust initiatives, security reviews, audits, and executive briefings.

• Product & Research Alignment: Partner with Product and Research teams to inform Bitsight's strategy around AI-powered cyber risk, emerging threat behaviors, and how customers can better understand and manage exposure in a changing threat environment.

• Executive Advisory: Translate complex technical telemetry and AI-driven threats into clear business risk, options, and actionable guidance for the CEO, CFO, and Board.

• Program Maturity: Establish security KPIs, metrics, and reporting frameworks to measure program effectiveness, operational maturity, and business impact.

• Compliance & Governance: Partner closely with Legal, Privacy, and GRC to ensure rigorous adherence to SOC 2, ISO 27001, NIST, privacy obligations, and emerging global AI regulations.

• Market Voice & Ambassadorship: Serve as one of the public faces of Bitsight's security and AI strategy, representing the company with customers, analysts, industry groups, regulators, and media.

• Industry Dialogue: Influence market understanding of how organizations can defend against AI-powered risks through better measurement, governance, prioritization, and continuous risk visibility.

• Ecosystem Relationships & Thought Leadership: Build strategic relationships with fellow security leaders, analysts, regulators, and partners across the cybersecurity ecosystem.

• Extensive Security Leadership: 10+ years of experience in cybersecurity, information security, or risk management, including 5+ years leading enterprise, corporate, or product-adjacent security organizations in high-growth SaaS, cloud, technology, or cybersecurity companies.

• Program Scaling & Maturation: Proven experience building, scaling, and maturing modern security programs across cloud-native, data-rich, and globally distributed environments.

• Technical & Threat Leadership: A deep, hands-on background in modern cloud-native security including: IAM, incident response, DLP, and vulnerability management. This combined with an expert-level understanding of the evolving threat landscape, specifically AI-enabled risks such as GenAI attacks and automated reconnaissance. You bring this technical rigor together with the strategic pragmatism required to balance strict security priorities against operational realities, customer needs, and business growth.

• Compliance & Governance: Strong, practical experience with compliance and governance frameworks, including SOC 2, ISO 27001, NIST, and related standards.

• Boston Presence: Ability to be in our Boston headquarters regularly to collaborate with the executive team and lead the local security culture.

• Leadership, Culture & Presence: An exceptional communicator with sound judgment and the ability to serve as a steady hand during crises, combined with a deep commitment to mentorship, cross-functional collaboration, and driving a robust security culture at scale.

• Risk Translation & Strategic Focus: The ability to translate complex technical risks-including AI-driven threats-into clear business impact, options, tradeoffs, and actionable guidance. Contributes credibly to product, market, and thought leadership discussions without losing focus on day-to-day operational security execution.

• Market Instincts & Intellectual Curiosity: A student of how LLMs and automation are changing the adversary's playbook. Leverages this curiosity alongside strong customer-facing instincts to build trust with sophisticated security, risk, and executive buyers.

At Bitsight, you'll have the opportunity to shape the future of cybersecurity and cyber risk management while working alongside industry-leading experts. This role offers the chance to lead and mature Bitsight's internal security program while also influencing customers, partners, and the broader market. As CISO, you will help protect Bitsight, strengthen customer trust, and advance the industry's understanding of cyber risk in a world increasingly shaped by AI-enabled threats.

Belonging & Inclusion. Bitsight is proud to be an equal opportunity employer. This means we do not tolerate discrimination of any kind and are committed to providing equal employment opportunities regardless of your gender identity, race, nationality, religion, sexual orientation, status as a protected veteran, or status as an individual with a disability.

Culture. We put our people first. Bitsight offers best in class benefits. We devote the same energy to nurturing our company's inclusive culture as we apply to serving our customers' needs. Working at Bitsight will give you the opportunity to fulfill your professional goals and expand your skills.

Open-minded. If you got to this point, we hope you're feeling excited about the job description you just read. Even if you don't feel that you meet every single requirement, we still encourage you to apply. We're eager to meet people that believe in Bitsight's mission and can contribute to our team in a variety of ways.

Bitsight also provides reasonable accommodations to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email recruiting@bitsight.com. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

Additional Information for United States of America Applicants:

Bitsight is committed to compliance with all fair employment practices regarding citizenship and immigration status.

Bitsight will not discharge, discipline or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant.

Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Qualified applicants with criminal histories will be considered for employment consistent with applicable law.

This position may be considered a promotional opportunity pursuant to the Colorado Equal Pay for Equal Work Act.

The anticipated hiring base salary range for this position is US $280,000 to $375,000 annually for US-based employees. This range reflects the minimum and maximum target for new hire salaries for the position across all US locations, is based on a full-time work schedule, and is Bitsight's good faith estimate as of the date of this posting. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.In addition to base salary, this role is eligible for participation in a bonus or commission plan and an equity grant. Bitsight also offers a competitive benefits package, including but not but limited to medical, dental, and vision insurance; paid parental leave; flexible time off; a 401(k) plan with employee and company contribution opportunities; life and disability insurance; and tuition reimbursement.