Chief Information Security Officer (CISO)

Job Description

Job Description

About Lumafield: 

Lumafield was founded in 2019 to upgrade manufacturing.

We are engineers with deep experience across the product development cycle, from initial ideas to shipping hardware, across industries and specializations, who became frustrated by the cost and complexity of modern manufacturing. So we decided to upgrade it.

Engineers make million-dollar decisions every day, and they need tools that give them the greatest possible insight into their products. By offering unprecedented visibility into products, as well as AI-driven tools that highlight problems and generate quantitative data, Lumafield promises to revolutionize the way complex products are created, manufactured, and used across industries. We started with industrial CT scanning, which for us was the most valuable but underutilized tool in the manufacturing toolbox, enabling us to rapidly inspect essential components non-destructively.

We rebuilt the whole system, from X-ray capture, to computer vision analysis, to web-based collaboration, to the entire business model, making the most advanced manufacturing tech more accessible to every industry. Our company, like our platform, is designed for upgrades. We’re building for greater intelligence, autonomy, and speed. For deeper vision, operational excellence, and powerful insights. And then we'll upgrade it all again.

Lumafield is headquartered in Cambridge, MA, and has an office in San Francisco, CA.

About the role: 

As CISO, you will own Lumafield's security function end-to-end—from cloud infrastructure and product security to customer data protection and regulatory compliance. This is a rare opportunity to define security culture and architecture at a high-growth company whose customers share some of the most sensitive intellectual property in the world: proprietary product designs, internal manufacturing processes, and competitive R&D data.

You will report directly to the CEO, and partner closely with Engineering, Product, Operations, and Sales to make sure security enables the business rather than slows it down.

• Define and execute Lumafield's multi-year information security strategy, aligning it with business objectives and customer trust requirements
• Own security architecture for Voyager, our cloud-based CT analysis platform, including data storage, access controls, API security, and multi-tenant isolation
• Embed security into the SDLC by partnering with Engineering and DevOps on threat modeling, secure code review, vulnerability management, and penetration testing
• Extend security best practices to Lumafield's hardware products and firmware, including the Neptune and Triton scanner families
• Lead and maintain compliance certifications (SOC 2 Type II, ISO 27001) and oversee ongoing adherence to ITAR/EAR requirements across our export-controlled facility and customer engagements
• Be an integral part of our enterprise sales process — handle security questionnaires, support complex sales cycles, and build trust with InfoSec teams at major manufacturers
• Build and continuously test Lumafield's incident response plan; own the enterprise risk register and manage third-party vendor risk
• Champion a security-first culture through training, clear policies, and acting as a pragmatic advisor to business stakeholders

• 10+ years of progressive experience in information security, with at least 3 years in a senior leadership role (CISO, VP of Security, or equivalent)
• Demonstrated success building or significantly maturing a security program at a high-growth technology company
• Deep expertise in cloud security, particularly AWS, including IAM, network security, data encryption, and cloud-native security tooling
• Strong working knowledge of compliance frameworks: SOC 2, ISO 27001, CMMC, FEDRAMP, and ITAR/EAR
• Track record of leading incident response for significant security events
• Excellent communicator — able to translate complex security risk into clear business terms for the leadership team, customers, and cross-functional partners
• Experience managing security in enterprise sales cycles, including responding to customer security questionnaires and participating in procurement reviews

• Background in industrial technology, hardware/IoT security, or manufacturing sectors
• Experience with medical device, aerospace, or defense industry compliance requirements
• Prior experience as a first or early CISO, comfortable operating with both strategic vision and hands-on execution
• Relevant certifications: CISSP, CISM, CCSP, or equivalent

Lumafield offers both competitive cash and equity compensation, as well as a health & wellness stipend, 401k, parental leave, flexible PTO, commuter benefits, company wide events and more! 

Lumafield is committed to building a team that represents a variety of backgrounds, perspectives, and skills, because the more inclusive we are, the better our work will be. Do you feel like your skills don’t meet every single requirement listed? We encourage you to apply anyway – If you’re excited about our technology, the opportunity, and are eager to learn more we’d love to hear from you!  

In keeping with our beliefs and goals, no employee or applicant will face discrimination or harassment based on: race, color, ancestry, national origin, religion, age, gender, marital domestic partner status, sexual orientation, gender identity, disability, genetic information or veteran status. 

Reach out if you want to be a part of what we are building.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.