Chief Information Security Officer

The Company

Description: They're a B2B SaaS product that makes onboarding new customers and managing project delivery easier, through automations and agentic workflows.

Stage & proof points:

• 40+ employees
• PE-backed

‍

The Work Needed

Problem: Their product's surface area is expanding, including into AI/agentic territory, and so the security risk profile is expanding as well, beyond what the current team can credibly handle.

Specifically, you'll:

• Advise on data and security decisions as we build new product features (e.g. an MCP server)
• Manage policy updates, evidence gathering, and controls for our annual SOC 2 Type 2 audit
• Handle customer and prospect security questionnaires
• Conduct vendor security reviews
• Help build agentic workflows to handle security questionnaires, approvals, and reviews
• Run our quarterly security team meetings and annual tabletop exercise
• Act as a thought partner to our VP Engineering, COO, and others on the leadership team

We expect the engagement to start out closer to 15 hrs per week, but then likely taper down closer to 5 hrs per week over time.

‍

About You

You MUST have:

• Been a CISO or security leader for other B2B SaaS companies
• A deep understanding of how large regulated enterprises evaluate vendor security, so you can anticipate pushback
• Experience advising on security and data practices for AI products and features (agentic workflows, MCP servers, LLM sub-processing)
• Personally owned SOC 2 Type 2 audits end to end
• Experience at early or growth stage tech companies, not just large corporations
• Based in the USA or Canada only

Nice-to-haves:

• Any Salesforce experience
• You've automated security workflows using AI
• GDPR experience