Chief Information Security Officer

Chief Information Security Officer

Ready to join a team that's all in? At Imprivata, we deliver unified access and security management programs that eliminate friction, empowering healthcare and mission-critical organizations to work smarter, faster, and more securely.

We believe work can be more than a job or task—it's a collective spirit; the type that emboldens creativity, embraces challenge, and fosters excitement. We are constantly raising the bar on what's possible, owning the outcome of our triumphs and trials, staying nimble amidst change, and cultivating an environment where we win together. Here, your ideas matter, your differences are celebrated, and your work drives real results—for your career, your teammates, and our customers.

When you join Imprivata, you embark on a shared journey of ambition and growth. We're committed to building an inclusive workplace where everyone feels valued and supported. If you're looking for a place to match your passion with purpose—and where every day you can make an impact—you'll find it here.

We are seeking a Chief Information Security Officer to join our team. This is a hybrid opportunity based out of our Waltham, MA office.

Imprivata is seeking a strategic and experienced Chief Information Security Officer (CISO) to lead the company's global information security and risk management program. Reporting directly to the Chief Technology Officer, the CISO will be responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.

The CISO will partner with executive leadership, product, engineering, IT, legal, and compliance teams to embed security into all aspects of the business. This leader will balance risk management with business enablement, ensuring the organization meets regulatory requirements while supporting innovation and growth. The ideal candidate brings deep expertise in cybersecurity, risk management, and enterprise SaaS environments, along with strong leadership and communication skills.

Duties and Responsibilities

• Collaborate with executive leadership to define and execute a comprehensive information security strategy aligned with business objectives.
• Establish and maintain an enterprise-wide information security program, including governance, risk management, compliance, and incident response.
• Lead the development and enforcement of security policies, standards, and procedures across the organization.
• Assess and continuously improve the organization's security posture, including application security, cloud security, infrastructure security, and endpoint protection.
• Define and monitor key risk indicators (KRIs) and key performance indicators (KPIs) to measure security effectiveness and maturity.
• Collaborate with product and IT leadership to ensure that secure design principles are embedded in product development and IT systems.
• Lead threat detection, incident response, and recovery efforts, including coordination with internal teams and external partners.
• Drive a culture of security awareness through training and education programs across the organization.
• Partner with legal, compliance, and audit teams to ensure adherence to regulatory requirements (e.g., SOC 2, HIPAA, GDPR, ISO 27001).
• Manage third-party risk programs, including vendor security assessments and ongoing monitoring.
• Work with product and non-product functions to ensure their use of AI aligns with proper security threat and risk protocols.
• Provide regular updates to executive leadership and the Board on security risks, incidents, and program maturity.
• Build, lead, and develop a high-performing information security team.
• Manage the information security budget and prioritize investments based on risk and business impact.
• Stay current with emerging threats, technologies, and industry best practices to continuously evolve the security program.
• Collaborate with product and engineering teams to ensure secure software development lifecycle (SDLC) practices.
• Other duties as assigned and required.

Required Qualifications

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field; Master's degree preferred.
• 12+ years of experience in information security, with at least 5+ years in a senior leadership role.
• Proven experience building and leading enterprise security programs in a SaaS or enterprise software environment.
• Deep knowledge of security frameworks and standards (e.g., NIST, ISO 27001, SOC 2, CIS).
• Strong understanding of cloud security (AWS, Azure, or GCP), application security, and modern security architectures.
• Experience with risk management, compliance, and regulatory requirements relevant to enterprise software companies.
• Experience with AI in corporate environments, including individual usage, the securitization of agents, and AI as a security threat from the outside.
• Demonstrated ability to communicate complex security topics to executive leadership and non-technical stakeholders.
• Strong leadership, team-building, and organizational skills.
• Proven track record of incident response leadership and crisis management.
• Relevant certifications such as CISSP, CISM, CISA, or equivalent strongly preferred.
• Strong business acumen, particularly in aligning security investments with financial and operational priorities.

At Imprivata, we have a top-notch work environment, developmental opportunities, a competitive total rewards package, and the desire to have fun. If you have the skills and qualifications as we have described above, we want to hear from you!

Imprivata provides equal employment opportunities, regardless of race, religion, age, sex, national origin, disability status, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.