Chief Information Security Officer

Posted 2 months ago
170000 - 240000 USD per year
United States | Full-Time | Digital Consultancy
Company: Skylight
Location: United States
Languages: English
Seniority level: Executive
Skills:
AWS, Leadership, Cybersecurity, GCP, Azure, Compliance
Requirements:
- An active security clearance or the eligibility to obtain one
- Hands-on experience with identity and access management (IAM), role-based access control (RBAC), and related concepts in AWS, Azure, and GCP
- Demonstrated success leading security audits or compliance assessments
- Excellent communication and documentation skills, with the ability to explain technical and regulatory concepts in plain language
- Experience enumerating and mitigating organizational vulnerabilities
- Experience mitigating security risks in the software development life cycle at the organizational level
- Ability to interpret and translate non-technical material, such as regulations, into business and technical requirements
- Deep understanding of and achieving compliance with NIST 800-171
- Proven ability to foster trust and collaboration across technical and non-technical teams
- Ability to work successfully within a professional services environment
- A passion for creating better public outcomes through great government services
- A mindset and work approach that aligns with our core values
- Ability to travel for work from time to time
- Expertise in other relevant regulatory frameworks like CMMC, HIPAA, or FISMA (Nice-to-have)
- Hands-on experience administering Google Workspace (Nice-to-have)
- Professional development experience in at least one programming language (Nice-to-have)
- Professional experience working with infrastructure-as-code (Nice-to-have)
- Prior experience working in the civic tech space (Nice-to-have)
- Experience working in a remote-team environment (Nice-to-have)
Responsibilities:
- Lead the design, implementation, and day-to-day operation of Skylight’s information security and compliance efforts
- Maintain and continuously improve compliance with Skylight’s regulatory requirements, including NIST 800-171, CMMC Level 2, and HIPAA
- Represent Skylight externally for security audits, risk assessments, and communication with external assessors
- Collaborate with the Chief Operating Officer (COO) and CIO to achieve and maintain Skylight’s facility security clearance (FCL)
- Administer and enforce identity and access management across Skylight’s IT infrastructure, including AWS, Azure, Google Cloud Platform (GCP), Google Workspace, and Slack
- Partner with project and delivery teams to integrate security and compliance into project planning, delivery, and client communications
- Lead periodic risk assessments and report findings to the CIO and leadership team to inform decision-making
- Develop and maintain internal security and IT policies, ensuring they’re accessible, practical, and actionable
- Deliver annual security awareness training across the organization
- Collaborate with the CIO to align security priorities with company strategy and resource planning
- Stay current on evolving security practices, technologies, and emerging threats