CISO & Head of IT

Bringg is seeking a senior, hands-on CISO & Head of IT to act as the company’s in-house authority for IT operations and information security. This role owns IT and Information Security e2e for Bringg as core business functions:
setting direction, making structural and vendor decisions, and defining what "good" looks like, while also answering questions in real time, exercising sound judgment, and taking ownership when issues arise.
This is a highly visible leadership role focused on judgment, ownership, and practical execution.

Key Responsibilities

Information Security & Risk

• Build and maintain a pragmatic information security and IT risk management program aligned with business priorities.
• Lead security risk assessments and drive remediation in partnership with engineering, IT, and business teams.
• Define and maintain security policies, standards, and secure-by-design practices in collaboration with our Product House organization.
• Promote security awareness and accountability across the company, including ownership of employee security training programs. 

IT Ownership

• Own Bringg’s internal IT environment, including identity and access management (e.g., Okta), Google Workspace, endpoints, and core SaaS tools.
• Ensure smooth employee onboarding and offboarding.
• Act as a point of escalation for IT issues and access problems.
• Manage external IT service providers and helpdesk vendors, including SLAs and escalation.

Security Operations

• Own the overall effectiveness of security monitoring, detection, and response.
• Design and maintain preventive controls, processes, and readiness measures to reduce the likelihood and impact of data security incidents.
• Ensure vulnerabilities, findings, and incidents are identified, prioritized, and addressed.
• Lead preparation for security incidents, including incident response planning, tabletop exercises, and coordination with Legal, Product House, and external partners.
• Stay current on emerging threats and translate them into practical, risk-based improvements for the business.

Audits, Customers & Vendors

• Lead security audits and certifications (e.g., SOC 2, ISO 27001) and serve as the primary contact for auditors.
• Personally own customer security questionnaires and security discussions.
• Partner closely with Legal on privacy, regulatory, and contractual security matters.
• Oversee the IT and security budget and manage relevant vendors and advisors.

Experience & Qualifications

• 8+ years of experience across IT operations and information security, preferably in a SaaS or cloud environment.
• Hands-on experience with enterprise IT systems (e.g., Google Workspace, Okta) and security governance frameworks (SOC 2, ISO 27001).
• Experience supporting audits, certifications, and customer security requirements.
• Ability to manage vendors and drive outcomes through others.
• Strong communication skills and sound judgment in balancing risk, speed, and practicality.
• Security certifications (e.g., CISSP, CISM) are a plus, not a requirement.
• Full professional proficiency in English is required.

How This Role Works

• You are a visible and trusted partner to the business on IT and security matters, bringing context, judgment, and practical perspective.
• You are responsible for designing and running an IT and security operating model that is resilient, accountable, and provides excellent service to the business.
• You decide how work is structured, where external support makes sense, and how vendors and tools are combined to form a robust, reliable IT and security function.
• While you are deeply knowledgeable and hands-on when needed, success is measured by clarity, responsiveness, and resilient systems, not heroics.

Why This Role Matters

This role sits at the intersection of employee experience, operational resilience, and customer trust. You will be trusted to make decisions, protect the company and its customers, and build systems that scale, while remaining a visible and approachable partner to the business.