Chief Information Security Officer

Job Description

Job Description

Rightworks offers the only intelligent cloud purpose-built for accounting firms and professionals. Backed by award-winning support, our fully managed IT and applications ensure customers have secure, reliable, on-demand access to their technology. We provide a curated software ecosystem that simplifies the complexity of running an accounting firm or small business, supported by a community of thought leaders, peer networks, and educational resources. Our success is made possible by leveraging decades of specialized experience in leading accounting firms, SMBs and technology companies. Thousands of Firms and SMBs count on us to run their business every day.

We have a great team, we’re growing fast, and have a winning culture based on innovation, teamwork, and mutual respect.

Job Overview:

The Chief Information Security Officer (CISO) will be responsible for defining and executing the company’s enterprise-wide security strategy across internal systems, customer-facing MSP offerings, and SaaS products. The CISO will ensure the confidentiality, integrity, and availability of all systems and data while positioning Rightworks as a trusted leader in secure cloud services for the accounting industry.

As a direct report to the CTO, the CISO will play a strategic role in overall technology leadership. This position participates as a strong voice in the technical leadership team, with specific responsibilities for leading and executing Rightworks Security strategy and operations.

This is a hybrid position, with 3 days per week in our Nashua, NH headquarters.

Responsibilities:

• Enterprise Security Leadership: Own the overall security strategy for internal systems, networks, and data assets across Rightworks.

• MSP & Hosting Security: Design and enforce robust security controls for Rightworks’ Managed IT and hosting services, ensuring compliance with industry and national standards and requirements.

• SaaS & Product Security: Support application and public cloud stack security for Rightworks solutions, embedding “security by design,” and supporting DevSecOps cultural transformation.

• Cloud Security Architecture: Ensure secure architecture around integration between public cloud, private cloud, and IT systems.

• Champion and govern identity and access management (IAM), encryption standards, zero-trust frameworks, and secure DevOps practices.

• Lead efforts to harden APIs, integrations, and third-party connectors through audit and testing Rightworks technology systems.

• Customer & Industry Engagement: Act as the company’s external security authority, engaging with customers, partners, and industry groups to represent Rightworks as a thought leader in cybersecurity for accounting professionals.

• Partner with Sales and Customer Success to reassure large enterprises and key customers about data protection and continuity of service. Be a strong voice at the table on behalf of Rightworks with our customers. Lead and listen, bringing industry perspective and expertise to the table.

• Partner with product engineering, infrastructure, and operations teams to integrate security practices into development pipelines. Identify areas of opportunity for our organization to improve.

• Governance, Risk & Compliance (GRC): Establish and lead the company’s GRC programs, policies, and risk management frameworks. Ensure adherence to applicable regulations and certifications.

• Security Incident Response & Resilience: Build and maintain robust security incident detection, response, and recovery plans; lead post-mortem analyses and continuous improvement initiatives.

• Security Operations & Monitoring: Oversee 24/7 security operations, including threat intelligence, vulnerability management, and monitoring of cloud and MSP environments.

• Lead Operations of Security Products and Systems: Oversee implementation of customer facing security solutions, including endpoint management and office management.

• Team Leadership: Build and mentor a high-performing security team, developing leadership capacity and instilling a culture of proactive risk management. Engage as a senior leader in our organization, mentoring engineering and infrastructure leaders, and contributing to enterprise architecture strategy.

Requirements:

• Proven leadership experience as a CISO, VP Security, or senior security executive within a SaaS, MSP, or cloud-hosting environment at scale. Added plus if provided solutions to accounting organizations, departments, and functions.

• Demonstrated expertise in:

• Cloud Security (Azure, AWS, multi-tenant environments).

• MSP security models (endpoints, networks, client environments).

• SaaS product security, including secure Software Development Life Cycle and DevSecOps practices.

• Experience engaging directly with customers and serving as a trusted external voice on cybersecurity topics.

• Track record of developing and implementing incident response and risk management programs.

• Ability to balance strategic security leadership with hands-on operational oversight.

• Experience in private equity-backed companies or demonstrated ability to operate in such an environment preferred. This includes being entrepreneurial, metric-driven, and skilled at managing budgets, top-line revenue, and bottom-line profitability.

• Strong leadership, mentoring, and executive succession potential.

• Executive presence with excellent communication, presentation, and board-level reporting skills. Excellent communication and presentation skills, both written and verbal. Possesses a command for communicating complex ideas into simple and understandable concepts.

• Strong leadership and interpersonal skills to help build relationships and effective teams. Ability to work across organizational lines, command respect, and influence. Demonstrated success partnering and collaborating internally and externally with executive level management and with all functions of an organization.

• Proven success in creating and leading geographically dispersed teams. Successful track record of recruiting and fielding an "A" team through hiring and internal development programs.

• Preferred education, yet relevant experience is most crucial: Bachelor's degree in computer science, Information Systems, or related field preferred.

• Security certifications are highly desirable: (e.g. Certified Information Systems Security Professional, Certified Information Security Manager, Certified Information Systems Auditor, and Certified Cloud Security Professional).

Personal Characteristics:

• Entrepreneurial and growth-oriented mindset.

• Metrics driven with financial acumen and budget discipline.

• Strong executive presence with the ability to engage customers and industry peers.

• Results-driven, with a passion for measurable security outcomes.

• Collaborative leader, able to build trust across engineering, operations, and executive teams.

• High integrity and commitment to customer trust.

• Innovative and intellectually curious, staying ahead of emerging threats and technologies.

Eligibility Requirements:

• This role is open to US Citizens or permanent residents authorized to work in the United States. Rightworks LLC is unable to offer visa sponsorship.

• Due to specific state regulations, we are unable to accept applications from residents of California, Hawaii, or Alaska.

• Relocation will not be offered for this position.

Benefits:

To provide best-in-class solutions, we need a best-in-class team. We offer competitive salaries to recruit the best talent. We provide company-paid short and long-term disability insurance, life insurance and a generous 401K match. We offer highly affordable medical, dental, vision coverage, and many other valuable benefits. We offer flexible PTO, and numerous paid holidays, affording you the time to be there for what is important in your life. We encourage giving back to our communities by providing paid volunteer time off. We are proud to be an Equal Opportunity Employer!

This job description may not be inclusive of all assigned duties, responsibilities, or aspects of the job described, and may be amended at any time at the sole discretion of the employer.

Powered by JazzHR

At3Q7y6Pr5