Serve as the named Information Security Officer (ISO), with delegated authority for control implementation, evidence collection, and ongoing attestation
Partner with the executive team on overall security strategy, risk posture, and executive reporting to the leadership team
Own the compliance program for Kaseware’s active certifications and pursuits, including but not limited to: FedRAMP, SOC 2 Type II, ISO/IEC 27001, State and federal CJIS, StateRAMP and TxRAMP
Manage 3PAO and external auditor engagements end to end: planning, evidence collection, walkthroughs, findings, and remediation tracking
Maintain the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and continuous monitoring artifacts
Author and maintain company security policies, standards, and procedures; perform technical writing as needed
Review customer contracts, RFP responses, and partner agreements for compliance and security obligations
Lead enterprise IT operations across endpoint management (Mac and Windows, MDM, patching, lifecycle), identity and access management (Entra ID, SSO, SCIM, joiner/mover/leaver), Microsoft 365, and the corporate network
Own employee onboarding and offboarding, IT support, and SaaS administration for the corporate environment
Drive secure-by-default IT engineering – configuration baselines, vulnerability management, asset and license management, and access governance – in alignment with FedRAMP, CJIS, and ISO 27001 control requirements
Own the security incident response program – playbooks, tabletop exercises, communications, and post-incident review – for both security events and compliance violations
Coordinate cross-functional response during security incidents, breaches, and compliance escalations; document outcomes and report to leadership and regulatory bodies as required
Use lessons learned from incidents to evolve policies, controls, and tooling; integrate findings into continuous monitoring and the POA&M
Partner with Engineering on application security findings (penetration tests, SAST/DAST, container scans) where corporate or compliance reporting is required; AppSec ownership remains with Engineering
Lead, mentor, and develop a four-person team
Recruit and onboard new team members as the program grows; conduct performance reviews and career development planning
Lead company-wide security awareness, new-hire training, and role-specific training programs
Present compliance posture, audit results, and risk findings to executive leadership and, where appropriate, customers and regulators
Support the Sales team on customer-facing security and compliance requirements in RFPs, security questionnaires, and customer audits
Requirements
10+ years of progressive experience in information security, IT, or compliance roles, with at least 4 years in a leadership role managing people
Demonstrated experience as a named ISO, security lead, or equivalent on a FedRAMP package
CISSP required (CISM or CISA accepted as equivalent); CCEP, CRISC, or comparable compliance/risk certifications are a plus
Hands-on experience implementing and operating control frameworks: NIST SP 800-53 R5, FedRAMP, DoD IL5, SOC 2, ISO 27001:2022, ISO 27701, and CJIS
Working knowledge of StateRAMP, TxRAMP, CMMC, GDPR, and U.S. state privacy laws (CCPA/CPRA), with the ability to build a program that addresses applicable obligations across multiple frameworks
Enterprise IT leadership experience – endpoint management (Windows and Mac, MDM tooling such as Intune or Jamf), identity (Microsoft Entra ID, SSO/SCIM/MFA), Microsoft 365 administration, and corporate networking
Vulnerability management experience – running scan programs, triaging findings, maintaining a POA&M, and partnering with engineering teams on remediation
Strong vendor and customer-facing skills, supporting RFPs, security questionnaires, customer audits, and external auditor engagements
Excellent written and verbal communication; strong technical writing skills with a track record of authoring policies, procedures, and audit documentation
Working knowledge of software development practices and the security implications of cloud-native architectures (Azure preferred)
Self-starter who can operate without close supervision; strong attention to detail and judgment under pressure
Other duties as needed.
Tech Stack
Azure
Cloud
Jamf
Benefits
Excellent health, dental, and vision insurance with generous company contribution