Logo for GovOS

VP, Deputy Chief Information Security Officer (Remote)

Role overview

Qualifications

  • 10+ years in information security
  • At least 4 years managing security teams or functional leads directly
  • Direct experience operating through at least one SOC 2 or SOC 1 audit cycle
  • Experience with FedRAMP or GovRAMP authorization work preferred

Responsibilities

  • Directly manage four functional leads — GRC, AppSec, Cloud/Vulnerability, and SecOps
  • Own the operational roadmap behind SOC 1 and SOC 2
  • Serve as the day-to-day owner of external audit and assessment relationships
  • Act as the escalation point when legacy entities disagree on approach

Key facts

Other skills

  • Team Leadership
  • Communication
  • Problem Solving
  • Decision Making

About the company

GovOS logo

GovOS

GovOS is a leading provider of transaction and compliance software for state and local governments to streamline property, licensing, and tax interactions with businesses and citizens. Headquartered in Austin, Texas, GovOS serves more than 800 government agencies across the United States. With the company’s secure suite of cloud-based solutions, governments can maximize revenue, increase compliance, reduce costs, and meet constituent demand for modern, self-service transaction and payment services.

Company details

Company typeSME
Company size201 - 500

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description


Job Summary:

Neumo is building a unified Information Security program across five lines of business and three legacy environments — Avenu, ITI, and GovOS. The CISO sets strategy and owns the board and executive relationship; the VP, Deputy CISO owns execution. This is a distinct, operational mandate: you run the program day to day, lead the four functional teams, make the working-level calls on tooling and process, and are personally accountable for the roadmap that gets us to SOC 1, SOC 2, PCI DSS, FedRAMP High, and GovRAMP.
 
This role exists because compliance commitments at this scale don't run on strategy alone — they run on someone who manages the leads, resolves the conflicts, and keeps evidence collection, scans, and assessments on schedule across three environments that don't yet operate the same way.


Duties and Responsibilities:

Team Leadership

  • Directly manage the four functional leads — GRC, AppSec, Cloud/Vulnerability, and SecOps — setting priorities, removing blockers, and holding them accountable to delivery.
  • Run the operating cadence for the team: weekly leads sync, sprint/quarter planning, and performance management for direct reports.
  • Build a consistent operating model across the four functions so GRC, AppSec, Cloud/Vuln, and SecOps work from shared priorities rather than in silos.

Cross-Entity Execution

  • Resolve tooling and process decisions at the working level across Avenu, ITI, and GovOS 
  • Own the standardization roadmap that brings three legacy environments onto common tooling, control sets, and operating procedures.
  • Act as the escalation point when legacy entities disagree on approach; make the call and move the work forward.

Compliance Program Operations

  • Own the operational roadmap behind SOC 1 and SOC 2: continuous evidence collection, control owners, and audit readiness ahead of annual audits.
  • Own PCI DSS operations: the annual assessment cycle plus quarterly scan cadence, remediation tracking, and scope management.
  • Drive the FedRAMP High authorization effort and the parallel GovRAMP pursuit — both multi-year, high-cost programs (FedRAMP High alone typically runs 12–24 months and $500K–$1M+) — translating authorization requirements into workstreams, milestones, and owners.
  • Maintain a single rolling roadmap across all frameworks so audit cycles, scan windows, and authorization milestones are sequenced, resourced, and visible — and don't collide.
  • Report program status, risks, and resourcing needs to the CISO with enough detail to support executive and board reporting.

Vendor & Audit Management

  • Serve as the day-to-day owner of external audit and assessment relationships (e.g., compliance advisory firms, QSAs, 3PAOs), keeping evidence requests, timelines, and findings moving.
  • Manage tooling vendors supporting GRC, vulnerability management, and security operations, including renewal and consolidation decisions across the three legacy stacks.


Education and Experience:
 

  • 10+ years in information security, with at least 4 years managing security teams or functional leads directly.
  • Direct experience operating through at least one SOC 2 or SOC 1 audit cycle and one PCI DSS assessment cycle as a control owner or program lead.
  • Experience with FedRAMP or GovRAMP authorization work — control implementation, SSP development, or 3PAO assessment support — strongly preferred.
  • Experience with vulnerability management platforms (e.g., Tenable) and WAF/cloud security tooling a plus


Knowledge, Skills and Abilities: 

  • Track record of standardizing security tooling or process across multiple business units, products, or post-merger environments.
  • Comfortable making and owning tooling/process decisions without escalating every call upward — this role is judged on throughput, not just judgment.
  • Working knowledge of NIST CSF 2.0 and how it maps to GRC, AppSec, Cloud/Vuln, and SecOps functions.


Work Environment:

  • Office setting with a moderate noise level.
  • The employee will work at an individual workstation, using a telephone and computer.


 Physical Demands
:

  • Must be able to remain seated for extended periods.
  • Regular use of a computer and other office machinery, such as printers and copy machines.
  • Occasional movement around the office.
  • Frequent communication via telephone.


Neumo Summary:

With the backing of four decades of public sector expertise and corporate capability, Neumo has successfully supported government services. Neumo was honored and recognized for four (4) consecutive years as a GovTech 100 Company representing the top 100 companies focused on making a difference in and selling to state and local government agencies across the United States.

Neumo is committed to helping communities thrive and brings a wealth of experience combined with innovation. Today, Neumo offers more administrative and financial support to government officials than any other organization. And with a responsive, client-focused approach, we foster partnerships that give our customers the certainty they need to accomplish more.

Neumo offers a competitive benefits and compensation package and are looking for team members who will thrive in our dynamic environment.

Neumo is an Equal Opportunity Employer. Selection for a position will be made without regard to race, religion, national origin, sex, political affiliation, marital status, non-disqualifying physical handicap, and age.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Chief Information Officer (CIO) Related jobs

Other jobs at GovOS

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.