
VP of Security, Compliance and IT (CISO)

Remote Based - US

ABOUT THE ROLE

The VP of Information Security and Compliance will oversee the strategy, design, implementation, and maintenance of the company’s security and compliance programs across all entities. This role is pivotal in mitigating risk for systems containing protected and private data while driving the vision and programs needed to safeguard the company’s information, assets, people, and technologies.

Key responsibilities include establishing a robust operational governance and risk management framework, ensuring security aligns with the company’s mission, and leading enterprise-wide security management programs. The role will provide independent assessments of operational risk and compliance, challenge business risk management activities, and identify emerging risk themes. Additionally, the VP will lead the evolution of security and compliance departments, enhancing the company’s overall risk management capabilities and ensuring security is a critical enabler of business success.

SPECIFIC RESPONSIBILITIES 

Operational Risk Management

  • Enhance the company’s operational risk management framework, including standards and procedures for identifying, measuring, monitoring, and managing risks.
  • Evaluate operational risk activities, oversee risk acceptance decisions, and perform scenario analyses.
  • Develop and deliver operational risk reports for senior leadership.

Information Security Leadership

  • Serve as a leader in fostering information security awareness across the organization.
  • Assess and address evolving security risks, threats, and vulnerabilities.
  • Oversee the development, communication, and implementation of security strategies, metrics, and maturity models.
  • Ensure compliance with security standards, including HIPAA, PCI, NIST CSF, GDPR, and other applicable laws.

Technology & Infrastructure

  • Maximize the effectiveness of existing security systems and cloud-based infrastructure.
  • Evaluate, implement, and lead enterprise security technologies and processes.
  • Lead cross-functional response teams to investigate and remediate security incidents.
  • Define and drive the strategic vision for endpoint protection and cybersecurity, ensuring alignment with organizational goals and regulatory requirements.
  • Provide leadership and guidance to teams managing device encryption, patching, and endpoint security tools, fostering collaboration across IT and Security teams.
  • Oversee organizational response to endpoint-related security incidents, ensuring swift detection, remediation, and minimal business disruption.
  • Advocate for security investments and resources, aligning endpoint security strategies with broader business objectives.

Risk Management & Compliance

  • Oversee risk management programs for internal and third-party activities.
  • Ensure alignment with regulatory compliance and risk management expectations.
  • Coordinate and track all IT and security-related audits, ensuring positive outcomes and addressing audit responses.

Collaboration & Communication

  • Work closely with stakeholders to ensure business continuity during security incidents.
  • Collaborate with senior leadership to share insights, influence priorities, and drive stronger risk management practices.

Team Leadership

  • Provide leadership, training, and development to the security and compliance teams.
  • Define team deliverables, monitor execution, and ensure alignment with organizational goals.
  • Represent and communicate the mission and values of the company, fostering a team-oriented environment.

REQUIRED QUALIFICATIONS

Education & Certifications:

  • Bachelor's in IT, Cybersecurity, or related field (Master’s preferred).

Experience:

  • 10+ years in IT security, compliance, and risk management.
  • Expertise in security frameworks (e.g., NIST 800-53 rev5, ISO 27001) and regulatory standards (HIPAA, CCPA, GDPR).
  • Proven leadership in managing large-scale IT and security systems.

Skills & Knowledge:

  • Strong understanding of IT infrastructure, cloud platforms, and emerging cybersecurity trends.
  • Experience with risk assessment, audits, and compliance reporting.
  • Strategic planning and project management capabilities.

Leadership & Communication:

  • Ability to lead and mentor teams, manage budgets, and foster security awareness.
  • Exceptional communication skills for engaging stakeholders.

Other Attributes:

  • Ethical, decisive, and problem-solving oriented.
  • Experience with vendor risk management and scaling IT/security during growth phases.

DESIRED QUALIFICATIONS

  • Industry Experience: Knowledge of industry-specific compliance frameworks (e.g., StateRAMP, HIPAA, PCI DSS) and regulatory requirements (e.g., GDPR, CCPA).
  • Technical Expertise: Proficiency in security tools, zero-trust architecture, hybrid cloud environments, and DevSecOps practices.
  • Global Perspective: Experience managing global teams and navigating cross-border compliance challenges.
  • Emerging Trends: Awareness of AI-driven threats, quantum computing risks, and predictive threat analytics.
  • Certifications: CISSP, CISM, CISA, ITIL.

ABOUT ACCELA

For nearly 20 years, Accela has been an industry leader in designing and delivering government software to improve efficiency, increase citizen engagement and enable the development of thriving communities. Today, citizens are savvy to how services should be delivered, and expect a consistently convenient, openly transparent view into their local government. While government agencies struggle to do more with less, our mission has never been more critical. Accela provides a robust, cloud-based platform of government software solutions that accelerate growth, efficiency, and transparency in communities of all sizes. From planning, to building, to service request management and more, Accela’s SaaS offerings level the playing field for small and medium governments and enable smaller agencies to leverage larger city technologies. Our open and flexible technology helps agencies address specific needs today, while ensuring they are well prepared for the emerging challenges of the future.

OUR COMMITMENT TO DIVERSITY, EQUITY, AND INCLUSION
Accela believes in developing and nurturing a workplace community where our differences are celebrated, and everyone feels a sense of psychological safety and belonging. Accela is committed to putting resources and attention towards evolving our practices, policies, and philosophies to enable diversity to thrive and to support equity in opportunity for everyone.

COMPENSATION AND WELL-BEING
The annual base salary range for this full-time position is $270,000-$300,000 (less applicable taxes). The actual annual base salary offered may be adjusted based on a variety of factors, including but not limited to, location, education, skills, training, and experience. In addition to an annual base salary, this position is eligible for an annual bonus target. This is a discretionary bonus awarded based on company and individual goal achievement.
 
Accela’s U.S. team members will receive a generous benefits package consisting of options including flexible time off, comprehensive medical, dental, and vision plans, family planning benefits, 401(k) retirement savings plan with company match, health savings account with company contributions, flexible spending account, life, accident, and disability coverage, business travel insurance, employee assistance programs, and other well-being benefits.

Accela is an Equal Opportunity Employer/Affirmative Action Employer and will respond to requests for job accommodations.

All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, national origin, protected veteran status, or based on disability, gender identity, and sexual orientation.

 
