4,036 Security Chief jobs in the United States

Chief Information Security Officer

City of Dubuque

1 Positions

ID: 70038

Posted On 06/04/2025

Refreshed On 07/05/2025

Job Overview

Position Summary

GENERAL SUMMARY: The Chief Information Security Officer (CISO) is responsible for developing and implementing a strategic technology security program for the City of Dubuque and managing the security of our technology-related physical and digital assets; and for ensuring that the city and its subcontractors implement industry best practice policies, procedures and practices that address physical security, cyber security, data privacy and protection, as well as compliance with relevant laws and regulations. The CISO will plan, implement, upgrade and monitor security measures for the protection of computer networks and information; assess system vulnerabilities for security risks and propose and implement risk mitigation strategies; ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure; respond to computer security breaches and viruses; and perform other duties as assigned.

The CISO provides thought leadership in conjunction with engagement in industry and government forums; collaborates with state and federal cyber security experts and practitioners; and reviews contracts with third parties for appropriate security language, including data privacy and protection language required by state and federal laws.

The successful candidate should be able to foster a culture of physical and cyber security awareness that drives behavioral changes within the organization. The CISO should have excellent analytical skills and the ability to minimize risk to ensure the physical safety and integrity of personnel and organization information.

DISTINGUISGHING FEATURES OF THE CLASS: Work in this class involves application of knowledge providing vision, leadership, oversight and management of technology-related physical and cyber security policies, procedures, and practices. Duties include overseeing the security of systems, networks, data and end user devices; being in charge of application of standards, policies and security risk assessments, and supervising incident investigations.

Job Duties

JOB DUTIES:

• Build a comprehensive security program including physical safety and cybersecurity policies with consideration of business and legal requirements, risk (likelihood and impact) and criticality; and build consensus among stakeholders.

• Develop, maintain and enforce physical and cyber security policies and practices designed to protect sensitive data assets, ensure data privacy and comply with laws and regulations including the Federal Information Security Management Act (FISMA), Payment Card Industry (PCI), the Criminal Justice Information System (CJIS) and other applicable privacy laws.

• Review existing security measures incident response plans and update protocols.

• Oversight of contractors, outsourcers, consultants, sub-contractors and “as a service” vendors including managed security services, infrastructure engineering, operations, desktop support and software development ensuring compliance with laws and regulations.

• Serve as the compliance officer ensuring technology solutions adhere to best practices and meet security requirements, including Software-as-a Service (SaaS) contracts, Infrastructure-as-a-Service (IaaS) contracts, Platform-as-a-Service (PaaS) contracts and customized software development solutions. Review requests for proposals, requests for information and contracts for technology data and physical security requirements with approval/modification responsibilities.

• Develop, maintain and manage a third-party security assessment program for key vendor relationship and third-party providers.

• Oversee the daily operations of the city to identify potential technology security risks and room for improvements.

• Foster a culture of physical and digital security awareness

• Conduct training sessions and communicate with personnel.

• Manage, evaluate and resolve technology-related physical or digital security incidents or breaches.

• Lead implementation of an incident response plan if an incident occurs including work with cyber-insurance and forensic partners.

• Ensure technology-related security policies comply with federal laws and legislations.

• Present risk assessments and improved technology-related security policies to management team members.

• Work with management to develop and implement a budget for security programs.

• Update knowledge about emerging industry or technology trends.

• Coordinate project activities with other personnel or departments.

• Takes part in after-hours scheduled on-call

• Takes part in monthly maintenance responsibilities for the city’s technology

KNOWLEDGE, SKILLS, AND ABILITIES

• Computers and Electronics Security - Knowledge of current physical and logical security issues and best practices in datacenter infrastructure, networks, end user computing and applications. Knowledge of the cloud computing industry, including Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS), including the security and privacy issues associated with using cloud infrastructure. Knowledge of processors, chips, electronic equipment, and computer hardware and software, including applications and programming. Knowledge and experience in the policy and regulatory environment of information security in government. Ability to translate security and privacy standards to policy, administration, and compliance/incident response activities.

• Business Administration - Project management, written and oral communication skills. Knowledge of business principles involved in strategic planning, resource allocation, leadership technique and coordination of resources. Ability to gather information and complete Service Auditor Reports. Planning and task management skills. Ability to manage and assure successful delivery from outsourced third-party security and infrastructure providers.

• Telecommunications - Knowledge of transmission, broadcasting, switching, control, and operation of telecommunications systems.

• Engineering and Technology - Knowledge of the practical application of engineering science and technology including applying principles, techniques, procedures, and equipment to the design and production of various services.

• Customer Service - Knowledge of principles and processes for providing customer service including customer needs assessment, meeting quality standards for services, and evaluation of customer satisfaction. Ability to work in collaboration with a variety of stakeholders to identify and discuss issues.

Qualifications

Minimum Qualifications

• Bachelor’s degree in information security, privacy, or compliance.

• Industry Security Certification such as a valid and current CISSP, CISA or CISM certification.

• Minimum of 7 years of experience in managing information security programs, information technology or related field in accordance with standards from the National Institute of Standards and Technology (NIST) and the Federal Information Processing Standards (FIPS).

• Or an equivalent combination of education and experience,

Preferred Qualifications

• Advanced degree in information security, privacy, or compliance.

• Additional certifications in CAP (FISMA), PCI QSA, CSA CCSK (Cloud) or ISO 27001

• Experience in a similar role of Chief Security Officer (CSO)

• Experience in an organization with a significant “footprint” in the government sector.

Supplemental Information

Supervisory Status : Functional

RESIDENCY REQUIREMENT: Employee shall establish their principal place of residence within fifty (50) miles of the corporate limits of the city of Dubuque as soon as practicable after appointment, but within two years of appointment.

FLSA STATUS: Exempt

Primary Contact

214881

City of Dubuque Human Resources Department

Human Resources Department, Human Resources Department

Phone

Phone

Phone

Fax

Email

True

False

True

Job Details

Categories

Information Technology/Telecommunications

Location

Dubuque, IA

Job Type

Employee

Full/Part

Full Time

Pay/Salary

$91,313.04 - $119,377.44 Annually

Benefits

Health Insurance

Dental Insurance

Life Insurance

Retirement Plan

Paid Vacation

Paid Sick Leave

PTO (Paid Time Off)

Paid Holidays

Tuition Reimbursement

Qualifications

Education

Bachelors

Experience

5-10 Years

Company ID

931

Job REQ #

# Positions

1

Start Date

20250604

End Date

20250801

Featured Job

0

TH Ad

0

TH Comments

Similar Jobs

Full-time Faculty in Computer Studies and Informat

University of Dubuque

Director of IT Security

Colony Brands, Inc.

Chief Technology Officer

Cottingham & Butler/ SISCO

Share this Job

City of Dubuque

About the Company

Whether at City Hall or out on city streets, our employees serve our residents, businesses, and visitors every day. Join the City of Dubuque team to be part of a high-performance organization dedicated to the community and to delivering excellent municipal services. We are input-oriented, see problems as opportunities, search for creative solutions, and work as a team to accomplish goals and build partnerships. At the City of Dubuque, your work is meaningful and supports the community.

The City of Dubuque values its employees and offers competitive salaries and benefits such as:

• Health and Dental Insurance

• 12 weeks of Paid Parental Leave

• Paid Time Off and 11 Paid Holidays

• Flexible Spending Accounts

• Retirement Savings (IPERS)

• Deferred Compensation Plan

• Life and AD&D Insurance Coverage

• Short-Term Disability

• Employee Assistance Program

• Tuition Reimbursement Program

• Longevity Pay Starting After 6 Years of Service

• Flexible Work Arrangements

• Paid Time Volunteering

With positions in over 30 departments and divisions, your perfect career fit is waiting for you at the City of Dubuque. Ready to join our team? Visit .

• Act as the primary local security contact / adviser for the IT leadership and the IT Business Partners, IT infrastructure, IT Architecture and other local personnel
• Proactively identify non-compliance and areas of potential improvement, and facilitate development and deployment of standard solutions
• Engage with clients and customers as needed to assist the business to achieve its objectives by representing our security program, supporting internal and external audits, assisting in customer communication of security incident, etc.
• Provide regular and timely reporting on the status of cyber security across the region/business unit
• Work with the Compliance and Information Risk Management team to drive policy and regulatory compliance.
• Assist on the implementation and translation of information security policies.
• Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk.
• Understand and interact with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management

• Bachelor's degree required, preferably in computer science or information systems
• Minimum of 8 to 10 years of experience in a combination of risk management, information security and compliance
• Ability to communicate clearly and effectively with both technology/development and business partners
• Ability to translate technical/security issues to business users
• Security certifications: CISSP, CISA, CISM, ISO is preferred.

• Medical, Dental, and Vision benefits
• Employer-paid Life and LTD
• 401k w/ matching - once eligibility is met
• Work/life balance
• Paid Volunteer Program
• Flexible working hours
• Unlimited PTO
• Remote work options
• Employee Discounts
• Parental Leave

• Working with talented, collaborative, and friendly people who love what they do
• Professional growth within
• Innovation environment
• On site in HQ Free daily lunches

About Stem Stem (NYSE: STEM) is a global leader in AI-enabled software and services that enable its customers to plan, deploy, and operate clean energy assets. The company offers a complete set of solutions that transform how solar and energy storage projects are developed, built, and operated, including an integrated suite of software and edge products, and full lifecycle services from a team of leading experts. More than 16,000 global customers rely on Stem to maximize the value of their clean energy projects and portfolios. Learn more at Stem's culture embodies diversity & inclusion beyond the traditional facets of gender, ethnicity, age, disabilities, and sexual orientation to include experience, personality, communication, workstyles, and more. At our core, Stem is at the momentous intersection of clean energy and software technology where diverse ideas, experiences, and professional skills converge to make the inclusive culture we have today. Together, we are turning old school thoughts about software and energy into progressive, collaborative, and innovative solutions. By joining our team, you will be collaborating with data scientists, energy experts, skilled salespeople, thought-leading executives and more from a range of backgrounds. This intersection of ideas, beliefs, and skills is what makes us unique enough to lead the world's largest network of digitally connected energy storage systems. What we are looking for: As a Chief Information Security Officer, you will be responsible for establishing and maintaining Stem's enterprise-wide cybersecurity vision, strategy, and program to ensure all information assets and technologies are adequately protected. You will lead the development and implementation of comprehensive security policies, procedures, and controls while ensuring regulatory compliance across multiple frameworks. This role requires both strategic leadership and hands-on expertise in cybersecurity, with a focus on building a security-first culture that aligns with our business objectives and supports our growth in the clean energy sector. Responsibilities: Strategic Security Leadership - Develop and implement a comprehensive cybersecurity strategy that aligns with Stem's business objectives and risk tolerance, ensuring protection of our clean energy technology platform and customer data. Develop and implement cybersecurity and data privacy policies that enable business objectives and satisfy external requirements. Risk Management & Governance - Establish and oversee enterprise-wide cybersecurity risk management program, conducting regular risk assessments and implementing appropriate controls to mitigate identified vulnerabilities. Compliance & Audit Management - Lead SOC 2 Type II audits, ISO 27001 certification processes, and other regulatory compliance requirements. Ensure adherence to industry standards including NIST, Zero Trust, PCI DSS, and relevant data privacy regulations (GDPR, CCPA). Incident Response & Crisis Management - Develop and maintain comprehensive incident response plans, lead crisis communications during security events, and oversee post-incident analysis and remediation efforts. Security Architecture & Technology - Guide the selection, implementation, and management of security technologies including SIEM, endpoint detection and response (EDR), identity and access management (IAM), and cloud security solutions. Team Leadership & Development - Build and lead a high-performing cybersecurity team. Manage relationships with external security providers and consultants. Business Enablement - Collaborate with executive leadership to ensure security initiatives support business growth while maintaining appropriate risk levels. Translate complex security concepts into business-friendly language for stakeholders. Security Awareness & Training - Develop and implement comprehensive cybersecurity awareness programs for all employees, ensuring a security-first culture throughout the organization. Regulatory & Legal Coordination - Work closely with legal, compliance, and privacy teams to ensure cybersecurity practices meet all regulatory requirements and contractual obligations. Budget Management - Develop and manage cybersecurity budget, ensuring efficient allocation of resources while maintaining effective security posture. Third-Party Risk Management - Establish and oversee vendor security assessment programs, ensuring all third-party relationships maintain appropriate security standards. Business Continuity & Disaster Recovery - Develop and maintain comprehensive business continuity and disaster recovery plans, ensuring rapid recovery from security incidents. Requirements: Education: Bachelor's degree in Computer Science, Information Security, or related technical field required. Master's degree in Cybersecurity, Information Systems, or relevant discipline preferred. Experience: 12+ years of progressive experience in information security roles with at least 5 years in senior leadership positions 10+ years of hands-on experience with cybersecurity technologies and frameworks Proven track record of leading SOC 2, ISO 27001, and other compliance audit processes Experience in technology companies, preferably in clean energy, SaaS, or IoT environments Technical Expertise: Deep knowledge of cybersecurity frameworks (NIST, ISO 27001, COBIT, SANS) Extensive experience with security technologies (SIEM, EDR, IAM, firewalls, intrusion detection/prevention) Strong understanding of cloud security (AWS, Azure, GCP) and DevSecOps practices Experience with vulnerability management, penetration testing, and security assessments Knowledge of data privacy regulations (GDPR, CCPA, HIPAA) and their implementation Certifications (Required): CISSP (Certified Information Systems Security Professional) CISM (Certified Information Security Manager) or CISA (Certified Information Systems Auditor) Additional preferred certifications: CCISO, CISSP, CGEIT, CRISC Leadership & Business Skills: Proven ability to build and lead high-performing security teams Strong business acumen with ability to align security strategy with business objectives Excellent communication skills with ability to present to executive audiences and board members Experience working with customers on security and compliance requirements Track record of successfully managing security budgets and vendor relationships Industry Knowledge: Understanding of critical infrastructure security requirements Knowledge of energy sector regulations and compliance requirements Experience with IoT security and industrial control systems preferred Familiarity with financial services and energy trading security requirements Salary Range $220,400.00 - $330,600.00 What We Offer: At Stem, you will work in a growing, innovative, mission-driven company with talented colleagues that have a passion for building renewable energy systems.Stem offers competitive compensation as well as a comprehensive set of benefits to support the health and wellness of our employee including: A competitive compensation package, including eligibility for a bonus or commission based on the role, and equity F ull health benefits on the first day of employment (several medical plan options-HDHP and PPO, dental plans, FSA/HSA-with employer contribution, employer paid vision/LTD/STD/Life, variety of voluntary coverage) 401k (pre- or post-tax) on first day of employment 12 paid calendar holidays per year Flexible time-off Learn More To learn more about Stem, visit our stem.com where you'll find information about our solutions, technology, partners, case studies, resources, latest news and more. Here are some relevant links: Company Overview Newsroom Case Studies LinkedIn Stem, Inc . is an equal opportunity employer committed to diversity in the workplace and does not discriminate against any employee or applicant for employment because of race, color, sex, pregnancy, religion, national origin, ethnicity, citizenship, sexual orientation, gender identity, age, marital status, disability, genetic information, military status, protected veteran status or any other factor protected by applicable federal, state or local laws. #J-18808-Ljbffr

Voleon is a technology-driven firm at the forefront of applying advanced AI and machine learning to solve real-world challenges in finance. For over a decade, we have been industry leaders, pioneering the use of AI/ML in investment management. Our continued innovation has established us as a multibillion-dollar asset manager with ambitious plans for the future.

Voleon is growing. As we open offices in more locations, support expanded work-from-home, and expand our capabilities in the cloud, we need security leaders like you to lead the way. We have invested heavily into creating a strong security organization and are looking for someone experienced and passionate in getting us to the next level. We are building a world-class organization, and are searching for a security leader to own this domain.

The Voleon Chief Information Security Officer will serve as the owner of all activities related to the confidentiality, integrity, and availability of Voleon's intellectual property, trade secrets, business, investor, and employee data assets. To be successful in the CISO role, one must have proven success working with executive management to determine acceptable levels of risk for the organization in a time-critical, action-oriented manner, leveraging a highly technical background focused on integrating security risk management and business strategy. This position is responsible for maturing our existing information security management program to ensure that information assets are protected from internal and external threats, working cross-functionally with various teams including research, engineering, finance, legal, and compliance. This role will lead the work of technical information security staff, serving as a liaison between business and technology, planning project stages, assessing business implications, and monitoring progress to ensure deadlines, standards and cost targets are met. The CISO will prioritize projects, solutions, and allocate resources with the assistance of a team of security architects, engineers, and analysts.

The Voleon CISO will work alongside our VP of Engineering, leads of our Research teams, and Chief Operating Officer to meet the needs of the entire organization. Our existing security team and Corporate IT team will report to them, and the CISO will be charged with determining a hiring plan to grow and expand the team as needed.

• Lead the development, execution, and enforcement of security processes, policies, and procedures to protect our valuable trade secrets
• Lead our incident response, threat modeling and threat hunting processes
• Mature defense-in-depth security for the organization to protect proprietary knowledge, critical IT assets, and sensitive data from external and internal threats
• Coach, support and lead the professional development of direct and indirect reports to foster and ensure a positive, open, innovative, and high performing environment for the team
• Drive and own development and strategic execution of the metrics and accountability programs, including SLAs, threat defense, and both operational and project-level KPIs
• Engage directly with our investors and other external parties as they perform due diligence on the organization
• Serve as information security subject matter expert and driver of security culture
• Deliver a secure IT platform built on powerful, capable, modern tools

• 10+ years of information security technology experience
• 5+ years of management experience
• Proven leadership experience across a broad range of software intensive technical environments protecting trade secrets or other critical intellectual property
• Demonstrated track record of delivery of high-quality projects, on-time and on-budget
• Leadership presence and a history of active partnership with senior software development leaders regarding protecting the software development lifecycle
• Multiple years of experience specifically leading the development and management of risk-based security programs leveraging a wide variety of cyber security technologies
• Track record of rapid response, analysis and mitigation of IT security threats
• Self-motivated, results oriented, strategically adept, and passionate about program development and management
• High integrity, excellent judgement - you'll have access to sensitive information and must treat it appropriately
• A degree in computer science, information technology, or a related field

The base salary range for this position is $250,000 to $25,000 in the location(s) of this posting. Individual salaries are determined through a variety of factors, including, but not limited to, education, experience, knowledge, skills, and geography. Base salary does not include other forms of total compensation such as bonus compensation and other benefits. Our benefits package includes medical, dental and vision coverage, life and AD&D insurance, 20 days of paid time off, 9 sick days, and a 401(k) plan with a company match.

"Friends of Voleon" Candidate Referral Program

If you have a great candidate in mind for this role and would like to have the potential to earn 15,000 if your referred candidate is successfully hired and employed by The Voleon Group, please use this form to submit your referral. For more details regarding eligibility, terms and conditions please make sure to review the Voleon Referral Bonus Program.

Equal Opportunity Employer

The Voleon Group is an Equal Opportunity employer. Applicants are considered without regard to race, color, religion, creed, national origin, age, sex, gender, marital status, sexual orientation and identity, genetic information, veteran status, citizenship, or any other factors prohibited by local, state, or federal law.

Vaccination Requirement

The Voleon Group has implemented a policy requiring all employees who will be entering our worksite, including new hires, to be fully vaccinated with the COVID-19 vaccine. This policy also applies to remote employees, as such employees will be asked to visit our offices from time to time. To the extent permitted by applicable law, proof of vaccination will be required as a condition of employment. This policy is part of Voleon's ongoing efforts to ensure the safety and well-being of our employees and community, and to support public health efforts.

Nightfall AI ( is the unified platform that prevents data leaks and enables secure collaboration by protecting sensitive data and controlling how it's shared. For decades, legacy data leak prevention (DLP) solutions have failed to adequately protect sensitive information. Traditional DLP is outdated, intrusive, and complex - it wasn't designed for today's modern enterprise where users continuously share data across interconnected SaaS applications, endpoints, and now generative AI. Nightfall AI is the first AI-native DLP solution. We leverage AI to achieve twice the accuracy with a fraction of the false positives that overwhelm security teams. Nightfall does this without disrupting modern work patterns. Our AI-native platform spans sensitive data protection across SaaS, email, data exfiltration prevention on SaaS, endpoints, and data encryption. Nightfall's Developer Platform provides an open, flexible environment for developers to integrate our data classification and protection capabilities anywhere, including establishing trust boundaries for AI model building and consumption.

About the Position

As our CISO, you'll be responsible for both safeguarding Nightfall's internal systems and guiding our customers through their own security and compliance journeys. This role uniquely blends strategic security leadership with a field-facing, customer engagement focus .
Responsibilities

Security & Risk Leadership

• Own and evolve Nightfall's overall security strategy, ensuring we stay ahead of emerging threats and industry standards.
• Lead enterprise risk management, compliance, audit readiness, and security operations.
• Oversee our information security architecture, secure SDLC, and incident response processes.
• Partner with Engineering and Product teams to embed security into every layer of our platform.
• Lead efforts for certifications and audits (SOC 2, ISO 27001, etc.).

• Serve as a strategic partner to Sales, Marketing, and Customer Success teams.
• Join customer and prospect conversations as a trusted advisor to address security concerns, explain our controls, and reinforce trust in our platform.
• Represent Nightfall at industry events, webinars, and executive briefings.
• Partner with GTM leadership to align our security posture with customer needs and market demands.

• Proven experience as a CISO or senior security leader in a high-growth B2B SaaS environment.
• Strong understanding of cloud security, DevSecOps, zero trust architectures, and modern compliance frameworks.
• Exceptional communicator with executive presence-comfortable interfacing with CISOs, CIOs, and security decision-makers.
• Experience supporting GTM motions, including joining sales calls, handling due diligence, and presenting to security-conscious enterprise buyers.
• Demonstrated ability to build and scale security teams, processes, and systems in dynamic environments.
• Thrives on multitasking & comfort with ambiguity
• Intellectually curious about data security and AI

• Fluent public speaker or participates actively in a public facing security community
• Thought leadership
• Professional experience at a security startup

A company is looking for a Chief Information Security Officer. Key Responsibilities Lead the development and execution of the enterprise security vision and governance framework Oversee enterprise risk management and compliance with legal and regulatory requirements Manage Security Operations Center functions and ensure business continuity and disaster recovery plans are in place Required Qualifications Bachelor's degree in Computer Science, Information Security, Engineering, or a related field Minimum of 15 years of experience in information security and risk management, with at least 7 years in a senior leadership role Proven track record in developing and executing a comprehensive information security program aligned with business goals Expertise in risk management methodologies and global compliance frameworks Hands-on experience with security operations and crisis incident responseCreate a job alert for this searchChief Information Security Officer • Santa Ana, California, United States #J-18808-Ljbffr

• Strategic Security Leadership - Develop and implement a comprehensive cybersecurity strategy that aligns with Stem's business objectives and risk tolerance, ensuring protection of our clean energy technology platform and customer data.
• Develop and implement cybersecurity and data privacy policies that enable business objectives and satisfy external requirements.
• Risk Management & Governance - Establish and oversee enterprise-wide cybersecurity risk management program, conducting regular risk assessments and implementing appropriate controls to mitigate identified vulnerabilities.
• Compliance & Audit Management - Lead SOC 2 Type II audits, ISO 27001 certification processes, and other regulatory compliance requirements. Ensure adherence to industry standards including NIST, Zero Trust, PCI DSS, and relevant data privacy regulations (GDPR, CCPA).
• Incident Response & Crisis Management - Develop and maintain comprehensive incident response plans, lead crisis communications during security events, and oversee post-incident analysis and remediation efforts.
• Security Architecture & Technology - Guide the selection, implementation, and management of security technologies including SIEM, endpoint detection and response (EDR), identity and access management (IAM), and cloud security solutions.
• Team Leadership & Development - Build and lead a high-performing cybersecurity team. Manage relationships with external security providers and consultants.
• Business Enablement - Collaborate with executive leadership to ensure security initiatives support business growth while maintaining appropriate risk levels. Translate complex security concepts into business-friendly language for stakeholders.
• Security Awareness & Training - Develop and implement comprehensive cybersecurity awareness programs for all employees, ensuring a security-first culture throughout the organization.
• Regulatory & Legal Coordination - Work closely with legal, compliance, and privacy teams to ensure cybersecurity practices meet all regulatory requirements and contractual obligations.
• Budget Management - Develop and manage cybersecurity budget, ensuring efficient allocation of resources while maintaining effective security posture.
• Third-Party Risk Management - Establish and oversee vendor security assessment programs, ensuring all third-party relationships maintain appropriate security standards.
• Business Continuity & Disaster Recovery - Develop and maintain comprehensive business continuity and disaster recovery plans, ensuring rapid recovery from security incidents.

• Bachelor's degree in Computer Science, Information Security, or related technical field required. Master's degree in Cybersecurity, Information Systems, or relevant discipline preferred.

• 12+ years of progressive experience in information security roles with at least 5 years in senior leadership positions
• 10+ years of hands-on experience with cybersecurity technologies and frameworks
• Proven track record of leading SOC 2, ISO 27001, and other compliance audit processes
• Experience in technology companies, preferably in clean energy, SaaS, or IoT environments

• Deep knowledge of cybersecurity frameworks (NIST, ISO 27001, COBIT, SANS)
• Extensive experience with security technologies (SIEM, EDR, IAM, firewalls, intrusion detection/prevention)
• Strong understanding of cloud security (AWS, Azure, GCP) and DevSecOps practices
• Experience with vulnerability management, penetration testing, and security assessments
• Knowledge of data privacy regulations (GDPR, CCPA, HIPAA) and their implementation

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager) or CISA (Certified Information Systems Auditor)
• Additional preferred certifications: CCISO, CISSP, CGEIT, CRISC

• Proven ability to build and lead high-performing security teams
• Strong business acumen with ability to align security strategy with business objectives
• Excellent communication skills with ability to present to executive audiences and board members
• Experience working with customers on security and compliance requirements
• Track record of successfully managing security budgets and vendor relationships

• Understanding of critical infrastructure security requirements
• Knowledge of energy sector regulations and compliance requirements
• Experience with IoT security and industrial control systems preferred
• Familiarity with financial services and energy trading security requirements

• A competitive compensation package, including eligibility for a bonus or commission based on the role, and equity
• Full health benefits on the first day of employment (several medical plan options-HDHP and PPO, dental plans, FSA/HSA-with employer contribution, employer paid vision/LTD/STD/Life, variety of voluntary coverage)
• 401k (pre- or post-tax) on first day of employment
• 12 paid calendar holidays per year
• Flexible time-off

• Company Overview
• Newsroom
• Case Studies
• LinkedIn

A company is looking for a Chief Information Security Officer. Key Responsibilities Develop and implement a comprehensive cybersecurity strategy aligned with business objectives Establish and oversee an enterprise-wide cybersecurity risk management program, conducting regular risk assessments Lead incident response planning and manage crisis communications during security events Required Qualifications Bachelor's degree in Computer Science, Information Security, or related field; Master's preferred 12+ years of experience in information security, with at least 5 years in senior leadership roles Deep knowledge of cybersecurity frameworks and extensive experience with security technologies Certifications required : CISSP, CISM or CISA Strong business acumen with the ability to align security strategy with business objectives Create a job alert for this search Chief Information Security Officer • Fullerton, California, United States #J-18808-Ljbffr

About Stem
Stem (NYSE: STEM) is a global leader in AI-enabled software and services that enable its customers to plan, deploy, and operate clean energy assets. The company offers a complete set of solutions that transform how solar and energy storage projects are developed, built, and operated, including an integrated suite of software and edge products, and full lifecycle services from a team of leading experts. More than 16,000 global customers rely on Stem to maximize the value of their clean energy projects and portfolios. Learn more at

Stem's culture embodies diversity & inclusion beyond the traditional facets of gender, ethnicity, age, disabilities, and sexual orientation to include experience, personality, communication, workstyles, and more. At our core, Stem is at the momentous intersection of clean energy and software technology where diverse ideas, experiences, and professional skills converge to make the inclusive culture we have today. Together, we are turning old school thoughts about software and energy into progressive, collaborative, and innovative solutions. By joining our team, you will be collaborating with data scientists, energy experts, skilled salespeople, thought-leading executives and more from a range of backgrounds. This intersection of ideas, beliefs, and skills is what makes us unique enough to lead the world's largest network of digitally connected energy storage systems.

What we are looking for:

As a Chief Information Security Officer, you will be responsible for establishing and maintaining Stem's enterprise-wide cybersecurity vision, strategy, and program to ensure all information assets and technologies are adequately protected. You will lead the development and implementation of comprehensive security policies, procedures, and controls while ensuring regulatory compliance across multiple frameworks. This role requires both strategic leadership and hands-on expertise in cybersecurity, with a focus on building a security-first culture that aligns with our business objectives and supports our growth in the clean energy sector.

Responsibilities:

• Strategic Security Leadership - Develop and implement a comprehensive cybersecurity strategy that aligns with Stem's business objectives and risk tolerance, ensuring protection of our clean energy technology platform and customer data.
• Develop and implement cybersecurity and data privacy policies that enable business objectives and satisfy external requirements.
• Risk Management & Governance - Establish and oversee enterprise-wide cybersecurity risk management program, conducting regular risk assessments and implementing appropriate controls to mitigate identified vulnerabilities.
• Compliance & Audit Management - Lead SOC 2 Type II audits, ISO 27001 certification processes, and other regulatory compliance requirements. Ensure adherence to industry standards including NIST, Zero Trust, PCI DSS, and relevant data privacy regulations (GDPR, CCPA).
• Incident Response & Crisis Management - Develop and maintain comprehensive incident response plans, lead crisis communications during security events, and oversee post-incident analysis and remediation efforts.
• Security Architecture & Technology - Guide the selection, implementation, and management of security technologies including SIEM, endpoint detection and response (EDR), identity and access management (IAM), and cloud security solutions.
• Team Leadership & Development - Build and lead a high-performing cybersecurity team. Manage relationships with external security providers and consultants.
• Business Enablement - Collaborate with executive leadership to ensure security initiatives support business growth while maintaining appropriate risk levels. Translate complex security concepts into business-friendly language for stakeholders.
• Security Awareness & Training - Develop and implement comprehensive cybersecurity awareness programs for all employees, ensuring a security-first culture throughout the organization.
• Regulatory & Legal Coordination - Work closely with legal, compliance, and privacy teams to ensure cybersecurity practices meet all regulatory requirements and contractual obligations.
• Budget Management - Develop and manage cybersecurity budget, ensuring efficient allocation of resources while maintaining effective security posture.
• Third-Party Risk Management - Establish and oversee vendor security assessment programs, ensuring all third-party relationships maintain appropriate security standards.
• Business Continuity & Disaster Recovery - Develop and maintain comprehensive business continuity and disaster recovery plans, ensuring rapid recovery from security incidents.

Requirements:

Education:

• Bachelor's degree in Computer Science, Information Security, or related technical field required. Master's degree in Cybersecurity, Information Systems, or relevant discipline preferred.

Experience:

• 12+ years of progressive experience in information security roles with at least 5 years in senior leadership positions
• 10+ years of hands-on experience with cybersecurity technologies and frameworks
• Proven track record of leading SOC 2, ISO 27001, and other compliance audit processes
• Experience in technology companies, preferably in clean energy, SaaS, or IoT environments

Technical Expertise:

• Deep knowledge of cybersecurity frameworks (NIST, ISO 27001, COBIT, SANS)
• Extensive experience with security technologies (SIEM, EDR, IAM, firewalls, intrusion detection/prevention)
• Strong understanding of cloud security (AWS, Azure, GCP) and DevSecOps practices
• Experience with vulnerability management, penetration testing, and security assessments
• Knowledge of data privacy regulations (GDPR, CCPA, HIPAA) and their implementation

Certifications (Required):

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager) or CISA (Certified Information Systems Auditor)
• Additional preferred certifications: CCISO, CISSP, CGEIT, CRISC

Leadership & Business Skills:

• Proven ability to build and lead high-performing security teams
• Strong business acumen with ability to align security strategy with business objectives
• Excellent communication skills with ability to present to executive audiences and board members
• Experience working with customers on security and compliance requirements
• Track record of successfully managing security budgets and vendor relationships

Industry Knowledge:

• Understanding of critical infrastructure security requirements
• Knowledge of energy sector regulations and compliance requirements
• Experience with IoT security and industrial control systems preferred
• Familiarity with financial services and energy trading security requirements

What We Offer:

At Stem, you will work in a growing, innovative, mission-driven company with talented colleagues that have a passion for building renewable energy systems.Stem offers competitive compensation as well as a comprehensive set of benefits to support the health and wellness of our employee including:

• A competitive compensation package, including eligibility for a bonus or commission based on the role, and equity
• Full health benefits on the first day of employment (several medical plan options-HDHP and PPO, dental plans, FSA/HSA-with employer contribution, employer paid vision/LTD/STD/Life, variety of voluntary coverage)
• 401k (pre- or post-tax) on first day of employment
• 12 paid calendar holidays per year
• Flexible time-off

Learn More

To learn more about Stem, visit our stem.com where you'll find information about our solutions, technology, partners, case studies, resources, latest news and more. Here are some relevant links:

• Company Overview
• Newsroom
• Case Studies
• LinkedIn

Stem, Inc . is an equal opportunity employer committed to diversity in the workplace and does not discriminate against any employee or applicant for employment because of race, color, sex, pregnancy, religion, national origin, ethnicity, citizenship, sexual orientation, gender identity, age, marital status, disability, genetic information, military status, protected veteran status or any other factor protected by applicable federal, state or local laws.