Skylighthq

Chief Information Security Officer (CISO)

United States Full Time

About Skylight

Skylight is a digital consultancy using design and technology to help government agencies deliver better public services. We’re at the forefront of a civic movement to reinvent how all levels of government serve families, patients, and many others in today's digital world.

If you want to play a part in driving this critical movement forward, we’d love for you to join our growing team of public interest technologists. The work we do matters.

About the job

As Skylight’s Chief Information Security Officer (CISO), you’ll lead Skylight’s security, compliance, and policy efforts, ensuring they align with Skylight’s business, technical, and regulatory requirements. As a trusted advisor and partner across the organization, you’ll balance deep technical understanding with clear communication and strong relationship-building skills.

Because Skylight supports multiple federal clients, our work must comply with CMMC Level 2, NIST 800-171, and, potentially, HIPAA. You’ll play a pivotal role in maintaining compliance with these regulations by developing organizational readiness, guiding engineering teams, and ensuring secure, compliant operations across all systems.

In this role, you’ll report directly to the Chief Information Officer (CIO). This is a hands-on, collaborative leadership role where you’ll partner closely with the CIO on priorities, decisions, and direction. You’ll also collaborate with the CIO on key aspects of Skylight’s IT infrastructure, including onboarding/offboarding, account management, and role-based access controls. While you don’t need to be an expert administrator for every tool we use, your partnership in this area is essential to maintaining both operational integrity and regulatory compliance.

What you’ll do

  • Lead the design, implementation, and day-to-day operation of Skylight’s information security and compliance efforts
  • Maintain and continuously improve compliance with Skylight’s regulatory requirements, including NIST 800-171, CMMC Level 2, and HIPAA
  • Represent Skylight externally for security audits, risk assessments, and communication with external assessors
  • Collaborate with the Chief Operating Officer (COO) and CIO to achieve and maintain Skylight’s facility security clearance (FCL)
  • Administer and enforce identity and access management across Skylight’s IT infrastructure, including AWS, Azure, Google Cloud Platform (GCP), Google Workspace, and Slack
  • Partner with project and delivery teams to integrate security and compliance into project planning, delivery, and client communications
  • Lead periodic risk assessments and report findings to the CIO and leadership team to inform decision-making
  • Develop and maintain internal security and IT policies, ensuring they’re accessible, practical, and actionable
  • Deliver annual security awareness training across the organization
  • Collaborate with the CIO to align security priorities with company strategy and resource planning
  • Stay current on evolving security practices, technologies, and emerging threats

What we’re looking for

Minimum qualifications

  • An active security clearance or the eligibility to obtain one
  • Hands-on experience with identity and access management (IAM), role-based access control (RBAC), and related concepts in AWS, Azure, and GCP
  • Demonstrated success leading security audits or compliance assessments
  • Excellent communication and documentation skills, with the ability to explain technical and regulatory concepts in plain language
  • Experience enumerating and mitigating organizational vulnerabilities
  • Experience mitigating security risks in the software development life cycle at the organizational level
  • Ability to interpret and translate non-technical material, such as regulations, into business and technical requirements
  • Deep understanding of NIST 800-171 and experience achieving compliance with it
  • Proven ability to foster trust and collaboration across technical and non-technical teams
  • Ability to work successfully within a professional services environment (e.g., can communicate effectively with clients)
  • A passion for creating better public outcomes through great government services
  • A mindset and work approach that aligns with our core values
  • Ability to travel for work from time to time

Nice-to-have qualifications

  • Expertise in other relevant regulatory frameworks like CMMC, HIPAA, or FISMA
  • Hands-on experience administering Google Workspace
  • Professional development experience in at least one programming language
  • Professional experience working with infrastructure-as-code
  • Prior experience working in the civic tech space
  • Experience working in a remote-team environment

Don’t meet 100% of the criteria but think you can do the job? We’d love to chat anyway! We’re on a mission to build diverse teams, and studies have shown that women and marginalized folks are less likely to apply to jobs if they don’t check every box.

Other requirements

  • All work must be conducted within the U.S., excluding U.S. territories. Some federal contracts require U.S. citizenship to be eligible for employment.
  • You must be legally authorized to work in the U.S. now and in the future without sponsorship.
  • As a government contractor, you may be required to obtain a public trust or security clearance.
  • You will be required to complete a company background check successfully.

Position type

This is a full-time, exempt position.

Location

This is a fully remote position.

Care package

Salary

The salary range for this position is between $170,000 and $240,000.

Benefits

Your well-being is important to us, so we focus on supporting you in a variety of ways:

  • Medical insurance, dental insurance, vision insurance
  • Short-term and long-term disability insurance
  • Life and AD&D insurance
  • Dependent care FSA, healthcare FSA, health savings account
  • Dollar-for-dollar 401(k) match up to 10% of your salary with no vesting period
  • Flexible paid-time-off policy (generally around 25 days per year), plus 11 paid federal holidays
  • Up to 12 weeks of paid time off for all eligible new birth, adoption, or foster parents
  • Performance rewards, including annual salary increase, annual performance bonus, spot bonuses, and stock options
  • Business development / sales bonuses
  • Referral bonuses
  • Annual $2,000 allowance for professional development
  • Annual $750 allowance for tech-related purchases
  • Annual swag budget of $100 to display your Skylight pride with some merchandise (hoodies, hats, and more)
  • Dollar-for-dollar charity donation matching, up to $500 per year
  • Flexible, remote-friendly work environment
  • An environment that empowers you to unleash your superpowers for public good

Interview tips

  • Visit our join page to learn more about how our interview process works.
  • Check out our Career Pathways framework to learn more about the different roles within Skylight and the skills needed to do them.
  • If you’d like to request reasonable accommodations during the application or interviewing process, please contact our recruiting team at recruiting@skylight.digital.

We participate in E-Verify and, upon hire, will provide the federal government with your Form I-9 information to confirm that you’re authorized to work in the U.S.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, sex, religion, age, disability, veteran status, or any other category protected by applicable law.