# Chief Information Security Officer
### Role summary
The Chief Information Security Officer (CISO) will be responsible for Lumafield's entire security function, encompassing cloud infrastructure, product security, customer data protection, and regulatory compliance. This role requires deep expertise in cloud security (AWS), compliance frameworks (SOC 2, ISO 27001, ITAR/EAR), and incident response. The CISO will define and execute the company's multi-year security strategy, embed security into the SDLC, and extend best practices to hardware and firmware. The position also involves active participation in enterprise sales cycles, managing risk, and fostering a security-first culture. A background in industrial technology or related sectors is preferred, along with relevant certifications like CISSP or CISM. This is a leadership role with a minimum of 3 years in senior security leadership and 10 years of progressive experience in information security.
### Who you are
- 10+ years of progressive experience in information security, with at least 3 years in a senior leadership role (CISO, VP of Security, or equivalent)
- Demonstrated success building or significantly maturing a security program at a high-growth technology company
- Deep expertise in cloud security, particularly AWS, including IAM, network security, data encryption, and cloud-native security tooling
- Strong working knowledge of compliance frameworks: SOC 2, ISO 27001, CMMC, FedRAMP, and ITAR/EAR
- Track record of leading incident response for significant security events
- Excellent communicator — able to translate complex security risk into clear business terms for the leadership team, customers, and cross-functional partners
- Experience managing security in enterprise sales cycles, including responding to customer security questionnaires and participating in procurement reviews
- Background in industrial technology, hardware/IoT security, or manufacturing sectors
- Experience with medical device, aerospace, or defense industry compliance requirements
- Prior experience as a first or early CISO, comfortable operating with both strategic vision and hands-on execution
- Relevant certifications: CISSP, CISM, CCSP, or equivalent
- Do you feel like your skills don’t meet every single requirement listed? We encourage you to apply anyway. If you’re excited about our technology and the opportunity, and are eager to learn more, we’d love to hear from you!
### What the job involves
- As CISO, you will own Lumafield's security function end-to-end—from cloud infrastructure and product security to customer data protection and regulatory compliance
- This is a rare opportunity to define security culture and architecture at a high-growth company whose customers share some of the most sensitive intellectual property in the world: proprietary product designs, internal manufacturing processes, and competitive R&D data
- You will report directly to the CEO, and partner closely with Engineering, Product, Operations, and Sales to make sure security enables the business rather than slows it down
- Define and execute Lumafield's multi-year information security strategy, aligning it with business objectives and customer trust requirements
- Own security architecture for Voyager, our cloud-based CT analysis platform, including data storage, access controls, API security, and multi-tenant isolation
- Embed security into the SDLC by partnering with Engineering and DevOps on threat modeling, secure code review, vulnerability management, and penetration testing
- Extend security best practices to Lumafield's hardware products and firmware, including the Neptune and Triton scanner families
- Lead and maintain compliance certifications (SOC 2 Type II, ISO 27001) and oversee ongoing adherence to ITAR/EAR requirements across our export-controlled facility and customer engagements
- Be an integral part of our enterprise sales process — handle security questionnaires, support complex sales cycles, and build trust with InfoSec teams at major manufacturers
- Build and continuously test Lumafield's incident response plan; own the enterprise risk register and manage third-party vendor risk
- Champion a security-first culture through training, clear policies, and acting as a pragmatic advisor to business stakeholders
### Benefits
- Health, vision, & dental coverage
- Paid parental leave
- Equity package for all full-time employees
- Flexible vacation policy
- Mental health & wellness perks
- Catered lunches & full kitchen
- Retirement savings
- Financial wellness education
- Company & team events