Chief Information Security Officer

About Keyfactor  Our mission is to securely connect the world: humans, machines, and AI. Keyfactor is the leader in trust infrastructure for AI and machines, helping the world's largest enterprises and government agencies take control of the cryptographic identities that safeguard every digital interaction. Behind the platform is a global team of people who care deeply about the work and each other. We move fast, think big, and show up for one another every day. If you're looking for work that matters and a team that brings out your best, we hope you'll trust your future with Keyfactor! Title: Chief Information Security Officer Location: United States; Remote, EST Experience:   Executive Job Function: Executive Employment Type: Full-time Industry: Computer and Network Security About the position The Chief Information Security Officer (CISO) is responsible for defining and executing Keyfactor’s enterprise-wide security strategy to safeguard customer data, product integrity, and corporate assets,. This role provides strategic leadership in building and maintaining a robust internal security posture, encompassing governance, risk management, compliance, and secure operations, while also serving as the external face of security to customers, partners, and regulators. The CISO ensures that Keyfactor’s security practices inspire confidence, support business growth, and maintain industry-leading standards in digital trust and identity management. Applicants must be legally authorized to work in the United States. Responsibilities Strategic Leadership Develop and implement a comprehensive enterprise security strategy that protects internal systems, operations, and corporate assets while reinforcing customer trust externally. Serve as the executive authority on information security, risk management, and security compliance, ensuring alignment with corporate objectives and regulatory requirements. Collaborate with product, engineering, and business teams to embed security design principles and practices across all Keyfactor offerings. Represent Keyfactor externally to customers, partners, industry forums, and regulators to strengthen trust, demonstrate compliance, and communicate security commitments. Security Operations and Governance Lead enterprise security operations, including threat detection, incident response, vulnerability management, and proactive risk mitigation. Maintain and continuously improve the Information Security Management System (ISMS), driving adherence to ISO 27001, SOC 2, FedRAMP, and emerging standards such as ISO 42001 for AI. Define and enforce security policies, procedures, and standards that ensure both internal resilience and external assurance for clients and partners. Risk Management and Compliance Conduct enterprise-wide risk assessments, audits, and reviews to identify, quantify, and mitigate security threats internally and across customer-facing services. Partner with Compliance and Legal teams to maintain adherence to global data protection, privacy, and regulatory standards (e.g., GDPR, CCPA, FedRAMP, AI). Act as the executive sponsor for security certifications, audits, and customer assurance initiatives that validate Keyfactor’s external trust posture. Provide Keyfactor senior leadership periodic assessments on current and emerging threats and the organizations posture to remediate those threats. Ensure that Keyfactor’s corporate security training and awareness program is optimized to engage employees and improve security culture. Product Security and Customer Assurance Collaborate with product and engineering teams to integrate security into the full product lifecycle, including design, development, deployment, and maintenance. Champion secure software development practices, cryptographic innovation, and identity management solutions that protect customer data and enhance trust. Serve as the point of contact for customers and partners regarding security concerns, audits, and assurance programs, strengthening Keyfactor’s reputation as a trusted provider. Leadership and Team Development Build, lead, and mentor a high-performing global security organization focused on both internal protection and external assurance. Establish clear objectives, performance metrics, and professional development pathways for security, risk, and compliance teams. Foster a culture of proactive risk management, operational excellence, and cross-functional collaboration. Minimum Qualifications, Education, and Skills Extensive experience (approximately 15+ years) in information security, including senior leadership or CISO-level roles. Deep expertise in cryptography, PKI, identity management, cloud security, and enterprise security architecture. Demonstrated experience leading enterprise security strategy in SaaS or cloud-native organizations. Strong knowledge of regulatory and compliance frameworks, including ISO 27001, SOC 2, FedRAMP, GDPR, and emerging AI governance standards. Proven ability to communicate complex security concepts to executives, boards, customers, and regulators. Exceptional leadership, collaboration, and strategic planning skills. Travel Requirements Up to 40% travel required. Compensation Salary will be commensurate with experience.   Culture, Career Opportunities and Benefits  We build teams that continually strive to get better than the day before. You will be challenged daily and given opportunities to grow personally and professionally. We balance autonomy and structure to create an entrepreneurial environment to spur creativity and new ideas.   Here are just some of the initiatives that make our culture special:    Second Fridays (a company-wide day off on the second Friday of every month minus November and December due to the Holiday schedule). Please note that this benefit is subject to change. Comprehensive benefit coverage globally. Generous