
CISO

ASG
Walnut Creek, CA Full Time
POSTED ON 1/30/2025
AVAILABLE BEFORE 2/27/2025
Chief Information Security Officer (CISO) – Alpine Software Group

We are seeking an experienced, strategic CISO to drive and elevate security initiatives across our diverse portfolio of companies. As a key leader within Alpine Software Group (HoldCo), you will work across a range of operating companies (OpCos) to set the vision for security, recommend best practices, and drive compliance and security upgrades in line with the strategic goals of the organization. While you will not directly lead security at any individual OpCo, you will leverage your influence and collaborate with OpCo leaders to foster a culture of security, provide guidance, ensure OpCos are operating securely in accordance with industry standards, and utilize security to drive growth.

Company Description

ASG is an unconventional group of market-leading SaaS software companies, serving industries ranging from behavioral health to transportation to childcare. ASG believes deeply in the power of people and data to grow great organizations, and that sharing knowledge, expertise, and resources across its community of businesses drives exponential growth. ASG has acquired over 50 businesses since its inception in August of 2016. We are backed by Alpine Investors and operated by world-class PeopleFirst™ leaders. Founders of leading SaaS companies continue to trust ASG to grow their businesses and build even stronger legacies for the future. To learn more, visit www.alpinesg.com.

Key Responsibilities

  • Develop and Lead Cybersecurity Strategy: Work with executive leadership and portfolio companies to create a cybersecurity vision, strategy, and roadmap that protects OpCo value effectively.
  • Security Program Oversight and Mentorship: Serve as a trusted advisor to OpCo leaders, helping to develop and refine their security strategies. Provide recommendations for enhancing security posture through process, technology, and policy improvements.
  • Drive Security Best Practices: Promote shift-left security practices across all OpCos, including secure coding, on-prem and cloud infrastructure security, and incident response protocols through awareness training, partnerships, and direct support.
  • Compliance Initiatives: Lead the coordination and implementation of compliance initiatives (e.g., SOC 2, PCI-DSS, HIPAA, GDPR) across the portfolio. Assist OpCos with preparing for audits and ensuring ongoing compliance with relevant regulations and standards. Support OpCos in third-party assessment engagements and follow-up remediation.
  • Risk Management & Security Assessments: Lead security risk assessments across the OpCos. Help identify vulnerabilities, prioritize risks, and design action plans for mitigating security gaps. Encourage OpCos to adopt a consistent risk management framework.
  • Application Security & Penetration Testing: Coordinate regular application security testing (AppSec) and penetration testing across all OpCos, ensuring secure coding practices and continuous improvement in the security of web, mobile, and API applications. Provide or contract qualified assistance in remediating critical application security vulnerabilities.
  • Incident Response & Crisis Management: Provide leadership and support during security incidents across the OpCos, ensuring effective coordination, root cause analysis, and remediation. Support and improve upon our portfolio-wide incident response process.
  • Security Awareness & Training: Champion security awareness across the portfolio by facilitating regular training programs and resources on security best practices, regulatory requirements, and emerging threats.
  • Security Vendor Management: Oversee relationships with security vendors, ensuring that each OpCo receives the appropriate tools and services to maintain a secure environment. Assist with the evaluation and selection of security solutions across the portfolio.
  • Cloud Security Governance: Provide strategic guidance on cloud security best practices, governance, and risk management to OpCo teams managing cloud environments (AWS, Azure, GCP).
  • Executive Reporting & Communication: Regularly report to HoldCo leadership on the security posture across the portfolio. Provide clear, actionable insights for executives and boards, including status on compliance initiatives, risk assessments, and security upgrades.
  • Drive Growth Through Security: Be passionate and creative about helping the OpCos leverage security to support business growth. Ensure security processes do not hinder innovation and are supportive of transformational technology.

We're Excited About You Because:

  • Proven Leadership & Influence: You have 10 years of experience in information security, with a strong background in influencing and leading security initiatives across multiple teams, organizations, or business units. You excel at working through influence rather than direct authority.
  • Strategic and Tactical Security Expertise: You bring deep expertise in cybersecurity strategy, risk management, compliance, and incident response. You can balance long-term strategic goals with short-term operational needs.
  • Experience with a Diverse Portfolio: You have experience managing or advising across a portfolio of companies, preferably within a private equity or multi-entity organization structure, and understand the complexities and nuances of driving security across a wide range of industries and cultures.
  • Strong Knowledge of Compliance & Regulatory Frameworks: You are well-versed in major cybersecurity standards and regulations (SOC 2, PCI DSS, HIPAA, GDPR, CCPA, etc.), and have experience guiding organizations through compliance initiatives and audits.
  • Technical and Practical Security Skills: You have a solid understanding of application security, secure coding practices, penetration testing, and vulnerability management and can lead vendors and OpCos in driving vulnerabilities to resolution.
  • Cloud Security Expertise: You understand cloud vulnerabilities and have experience in leading resources working on cloud security and governance for a range of cloud platforms.
  • Exceptional Communication Skills: You have excellent written and verbal communication skills, and you can effectively communicate complex security concepts to both technical and non-technical stakeholders, including executive leadership, investors, and boards of directors. You are able to make a team of executives across our portfolio feel like your Team One, yet are also able to shift gears and work with technical resources.
  • Security Certifications: You hold relevant certifications, such as CISSP, CISM, CISA, OSCP, or equivalent, and you are committed to continuous learning and professional development.
  • Problem Solver: You thrive in a fast-paced, dynamic environment, and are known for your ability to analyze complex security challenges and implement practical, effective solutions.
