Fractional Chief Security Officer (CSO)


Overview

GovPilot is seeking a Fractional Chief Security Officer (CSO) to establish, oversee, and enhance the security framework for its cloud-based SaaS platform serving local governments. This role will provide strategic security leadership, ensuring the company's infrastructure, applications, and operations adhere to industry best practices, regulatory requirements, and customer expectations.

The Fractional CSO will work closely with the CTO, Head of Engineering, Engineering Manager, Infrastructure Architect, and DevOps team to implement security controls, develop policies, and mitigate risks. This is a part-time, contract-based role suited for an experienced security professional who can provide high-level oversight while also guiding tactical security initiatives.

Responsibilities

Security Strategy & Governance

Develop and implement a comprehensive security strategy aligned with GovPilot’s business objectives.
Define and enforce security policies, standards, and best practices to ensure compliance with frameworks such as SOC 2, CJIS, and GDPR where applicable.
Conduct regular security risk assessments, identify vulnerabilities, and provide recommendations for mitigation.
Advise engineering, IT, and DevOps teams on security best practices and emerging threats.

Infrastructure & Application Security

Oversee the security architecture of GovPilot’s Azure-hosted SaaS platform, ensuring adherence to secure multi-tenant architecture and zero-trust principles.
Implement and monitor security controls across cloud environments, databases, APIs, and third-party integrations.
Work with the Head of Engineering and Infrastructure Architect to integrate DevSecOps practices into CI/CD pipelines.
Ensure secure development lifecycle (SDLC) practices are followed and conduct regular code security reviews.

Incident Response & Threat Management

Establish an incident response plan, oversee security monitoring, and lead investigations into security breaches.
Ensure GovPilot’s monitoring tools (Datadog, New Relic, Sentry) are configured for threat detection and alerting.
Conduct penetration testing, vulnerability assessments, and remediation planning using tools such as SonarCloud.
Define security requirements and policies for endpoint security and identity access management (IAM).

Compliance & Risk Management

Lead security audits and assessments, ensuring GovPilot meets compliance requirements for government contracts.
Provide security documentation and guidance for customer security reviews and RFPs.
Stay updated on evolving cybersecurity regulations and ensure compliance with CJIS, SOC 2, NIST, and other relevant standards.

Third-Party & Supply Chain Security

Evaluate the security posture of third-party vendors, contractors, and off-the-shelf solutions.
Define and enforce security requirements for integrations, partnerships, and cloud services.
Oversee the security review and approval process for new technology adoption.

Qualifications

10+ years of experience in cybersecurity, with at least 3-5 years in a leadership role.
Expertise in cloud security (Azure preferred), network security, and application security.
Experience implementing and maintaining compliance with SOC 2, CJIS, and other security frameworks.
Hands-on experience with SIEM, IDS/IPS, EDR, and security automation tools.
Strong understanding of DevSecOps, encryption, IAM, and security architecture for multi-tenant SaaS platforms.
Certifications such as CISSP, CISM, CCSP, OSCP are preferred.

Engagement Details

Fractional (Part-Time, Contract-Based) engagement with flexible hours.
Expected commitment of X hours per week/month, depending on security needs.
Remote position with occasional onsite meetings as required.

Why Join GovPilot?

Influence and shape security strategy for a high-growth SaaS company serving local governments.
Work alongside a talented engineering, infrastructure, and DevOps team to implement cutting-edge security practices.
Ensure compliance, risk mitigation, and trust across GovPilot’s government customer base.

If you are an experienced security leader looking for a flexible yet impactful role, we’d love to hear from you!
