Chief Information Security Officer (CISO)

About 1Kosmos

1Kosmos is a growing startup revolutionizing identity and authentication solutions. We’re seeking a hands‑on security leader who thrives in a technical, fast‑paced environment and is ready to build and scale our security operations from the ground up.

About the Role

We’re looking for a hands‑on security leader to serve as CISO. The candidate must be a highly technical, operationally focused security leader who can roll up their sleeves and directly implement security solutions while building our security posture. This role is ideal for a senior security operations professional ready to transition into strategic leadership while maintaining a deep technical involvement.

Key Responsibilities

Security Operations Leadership (Primary Focus)

• Design, implement, and manage a comprehensive security operations infrastructure
• Personally configure and deploy security tools, including endpoint protection, SIEM, and cloud security solutions
• Build and optimize security monitoring, incident response, and threat detection capabilities
• Drive automation initiatives to eliminate manual inefficiencies in security processes

Compliance and Risk Management

• Lead compliance initiatives including FedRAMP, SOC 2, and other regulatory frameworks
• Partner with business analysts to navigate regulatory requirements and audits
• Develop and maintain security policies, procedures, and documentation
• Manage security risk assessments and remediation programs

Technical Security Architecture

• Secure cloud infrastructure across AWS, Google Cloud, and other platforms
• Integrate security into CI/CD pipelines, working closely with DevOps teams
• Implement and manage security tools (CrowdStrike, etc.) across the organization
• Conduct hands‑on security reviews of architecture and code

Cross‑functional Collaboration

• Partner directly with development and engineering teams on secure software development
• Oversee internal IT security (smaller component of role)
• Communicate security initiatives and status to leadership and stakeholders
• Coordinate with global teams to ensure consistent security practices

Required Qualifications

Technical Expertise

• Minimum 7+ years in security operations with demonstrated hands‑on experience
• Deep expertise in cloud security (AWS, Google Cloud, Azure)
• Proven ability to personally deploy and configure enterprise security tools
• Strong understanding of modern DevOps practices and CI/CD security integration
• Experience with security automation and orchestration

Compliance and Governance

• Hands‑on experience with FedRAMP certification processes
• Track record of achieving and maintaining SOC 2, ISO 27001, or similar certifications
• Understanding of regulatory compliance requirements and audit processes

Leadership and Communication

• Experience leading security initiatives in fast‑growing organizations
• Strong communication skills for collaborating with global, distributed teams
• Ability to translate technical security concepts for various stakeholders
• Comfortable working in a startup environment with evolving requirements

Preferred Qualifications

• Currently in a similar-sized company CISO role, or a Deputy CISO, Director of Security Operations, or similar "CISO minus one" role at a larger organization
• Experience in identity management or authentication technologies
• Background in both security operations and security engineering
• Previous startup or scale-up experience
• Located in or willing to work EST hours (strong preference for NY/NJ area)
• Public-facing CISO experience (client communications) is a plus but not required

What We Offer

• Opportunity to build and shape security at a growing startup
• Direct impact on product and company security posture
• Collaborative environment with talented engineering teams
• Competitive compensation and equity package
• Flexible work arrangements with preference for hybrid in NY/NJ area

What We’re NOT Looking For

• Pure policy/governance executives without hands‑on technical skills
• Traditional "big company" CISOs focused only on strategy and presentations
• Candidates who expect to delegate all technical work from day one
• Security leaders who haven’t maintained current technical skills