Org Blueprint
R-036 · Human · Trust & Safety · P0 · Critical · Unfilled

CISO

Owns information security posture across product, infrastructure, and operations.

Live Ops

Due-diligence relevance

Strategic acquirers require a CISO or equivalent as a condition of close in any market with regulated data. Without one, the deal team builds the gap into the purchase price as a transitional cost. SOC 2 Type II certification (typically the CISO's first major deliverable) is increasingly table stakes for enterprise channel partnerships.

Responsibilities

  • Information security strategy and roadmap
  • Security control framework (ISO 27001 / SOC 2)
  • Incident response leadership
  • Vendor security review programme
  • Security training and culture

Inputs

  • Threat model
  • Pentest findings
  • Vendor inventory

Outputs

  • Security roadmap
  • Statement of Applicability
  • Board security update

Qualifications

  • CISSP / CISM
  • Has led a SOC 2 Type II or ISO 27001 certification
  • Strong cross-functional partner — security ≠ blocking

KPIs

  • Critical findings closed within SLA
  • Mean time to detect
  • Audit findings count

Interfaces