Chief Information Security Officer (CISO)

Chief Information Security Officer (CISO)Illumia | A Roper Technologies Portfolio CompanyRemote-FriendlyAbout IllumiaIllumia empowers education, healthcare, and corporate enterprises with secure, intelligent technology that streamlines operations and enriches experiences for everyone they serve. Formed by the merger of Transact and CBORD, Illumia is a portfolio company of Roper Technologies (NYSE: ROP) serving more than 1,750 client institutions across higher education, healthcare, corporate, and senior living markets.Illumia serves over 12 million students, facilitates over $58 billion in transactions annually, and connects more than 1,100 colleges and universities through over 300 technology and integration partners. We operate across three business units - Campus ID and Commerce, Integrated Payments, and Healthcare - with a portfolio spanning campus identity and access, commerce and payments, food and nutrition management, and data analytics. As a registered partner and ISO of Elavon (U.S. Bancorp), Illumia operates at the intersection of institutional technology and regulated financial services.Our values are Authenticity, Responsibility, Passion, and Excellence. At Illumia, we believe diverse perspectives make us stronger as a team and as a technology partner. We are committed to building an inclusive workplace where people of all backgrounds feel valued, respected, and empowered to do their best work.Position SummaryThe CISO is a senior technology leader responsible for Illumia's enterprise-wide information security strategy, program, and culture. Reporting to the CTO, this role serves as the company's top security leader - translating cyber risk into business language, protecting customer and institutional data, enabling compliant product growth, and building a world-class security organization.This is both a transformation and leadership role. The CISO will unify two legacy security programs (Transact and CBORD) into a single, cohesive operating model while maintaining continuous compliance and operational readiness. The ideal candidate thrives in complex, multi-product SaaS environments, understands how security is evolving in an AI-first world, and can operate confidently in the boardroom while remaining deeply trusted by engineering and product teams.Security ProgramIllumia follows NIST's cybersecurity framework and maintains a public Security and Trust Center (trustcenter.illumiatech.com). Current certifications and compliance posture include:SOC 2 Type I and Type II (including SOC 2+ HITRUST Type II for healthcare products)PCI DSS v4.0.1 across multiple product lines; listed on Visa's Global Registry of Service ProvidersTX-RAMP and GovRAMP authorizationsHIPAA Security Compliance for healthcare productsThe CISO will inherit this foundation and be expected to evaluate, evolve, and unify it into a single enterprise-class security operation.Key Responsibilities Define and evolve a multi-year enterprise security roadmap across all three business units, aligned to business objectives and risk appetiteServe as primary security advisor to the executive leadership team and primary security liaison to Roper TechnologiesLead the unification of security programs, toolsets, and policies inherited from Transact and CBORDLead Security Operations, GRC, Application Security, and Cloud Security functionsOwn SOC 2, PCI DSS, HITRUST, TX-RAMP, GovRAMP, FERPA, and HIPAA compliance programsSecure SaaS platforms and cloud environments through secure SDLC, vulnerability management, and penetration testing programsPartner with Engineering and Product to embed security by design without impeding delivery velocityEstablish AI security governance to manage AI tool adoption and AI-specific risks across the organizationLead or manage security operations (SIEM, EDR, XDR, threat intelligence) through in-house, MSSP, or hybrid modelsOwn the incident response program and business continuity / disaster recovery testingOversee corporate IT security including endpoint protection, patch management, and identity hygieneEstablish cross-business unit security governance to drive consistency while accommodating domain-specific requirementsRecruit, develop, and retain a high-performing security team; manage external vendors, MSSPs, and auditorsMaintain and evolve the public Security and Trust CenterRequired Experience 12+ years in information security, with 4+ years as CISO, Deputy CISO, or VP of SecurityProven leadership at a B2B SaaS or cloud-native company; experience scaling security through mergers, acquisitions, or platform consolidationDeep expertise in cloud security architecture (AWS, Azure, and/or GCP), secure SDLC, and modern threat detection and responseHands-on leadership of SOC 2 Type II and PCI DSS audits; PCI Level 1 experience strongly valued. HITRUST, GovRAMP, or TX-RAMP experience is a plusExperience with FERPA, HIPAA, or other education and healthcare regulatory frameworksDemonstrated ability to communicate security risk to non-technical executives, boards, and parent company leadershipTrack record building and scaling security teams, including organizational design and vendor managementExperience in a portfolio company or PE-backed environment is a plusEducation and Certifications Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related field required; Master's or MBA preferredCISSP, CISM, CCSP, CISA, CRISC, or CCISO strongly preferredSecurity Technology ExperienceExperience with modern security platforms across cloud security (Wiz, Prisma Cloud, or equivalent), endpoint/XDR (CrowdStrike, SentinelOne, or equivalent), SIEM/SOAR, identity/IAM, application security (SAST/DAST), GRC automation, and patch management. Familiarity with AI security governance tools and Zero Trust architecture frameworks preferred.Leadership QualitiesWe hire and develop people who are humble, hungry, and smart - and we hold our leaders to the highest standard across all three. Humble: They lack excessive ego or concerns about statusHungry: They are always looking for more - more things to do, more to learn, more responsibility to take onSmart: They have common sense about people, dealing with others in the most effective way, and picking up on the needs and feelings of othersCore Competencies Executive presence with the ability to build trust at the C-suite level, with parent company leadership, and across business unitsStrong business acumen - understands how security decisions impact revenue, customer trust, and institutional relationshipsExceptional communication: able to explain complex security concepts in plain language to diverse audiencesCollaborative leader who can influence without authority and build bridges across security, engineering, product, legal, and salesResilient under pressure with sound judgment in high-stakes incident scenariosComfortable operating in a post-merger environment where ambiguity is high and organizational norms are still being establishedLocationRemote-friendly with regular travel expectations. Illumia's teams are distributed across Atlanta, GA; Phoenix, AZ; Ithaca, NY; and international offices in Australia, Ireland, and India. Quarterly on-site engagement, incident response availability, and participation in Roper Technologies events (including the annual Cyber Summit) are expected.CompensationIllumia offers a competitive executive compensation package including base salary, performance-based incentive, and comprehensive benefits. Compensation will be discussed in detail during the recruitment process and will reflect the scope of the role, individual qualifications, and market data.Equal Opportunity and AccommodationsIllumia is an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, genetic information, marital status, or any other characteristic protected by applicable law. We are committed to providing reasonable accommodations to qualified individuals with disabilities throughout the hiring process.