Remote (Global)

Trella Health is hiring a Fractional Chief Information Security Officer (CISO)

About the Role

Linus Health is seeking an experienced Fractional Chief Information Security Officer (CISO) to provide hands-on security leadership as we evolve our security function to support continued growth and European expansion. This is a permanent fractional engagement reporting directly to the CTO.

What You'll Do

  • Develop and own the Information Security strategy aligned with business objectives and European expansion plans.
  • Maintain and continuously improve the Information Security Management System (ISMS).
  • Create, review, and maintain core security policies, standards, and procedures.
  • Establish and chair a cross-functional Security Working Group.
  • Build and present a multi-year security roadmap with clear milestones, resource requirements, and priorities.
  • Serve as the central authority on risk assessment, risk treatment, and risk acceptance decisions.
  • Assess and provide guidance on secure AI adoption across the organisation.
  • Maintain ISO 27001 certification and prepare for the 2027 recertification audit.
  • Lead the SOC 2 Type II readiness programme (target: 2026-2027), including gap analysis and control mapping.
  • Ensure compliance with GDPR and data protection requirements across multiple global jurisdictions.
  • Collaborate with the external DPO support provider on privacy-related matters and customer security questionnaires.
  • Provide security oversight across Azure, AWS, and Google Workspace environments.
  • Conduct access reviews and advise on identity and access management best practices.
  • Evaluate and guide implementation of security tooling (SIEM, vulnerability management, endpoint protection).
  • Oversee VMware Workspace ONE MDM deployment and device security policies.
  • Advise engineering teams on secure SDLC practices, DevSecOps integration, and application security principles.
  • Develop and maintain incident response plans and procedures.
  • Lead incident response tabletop exercises and post-incident reviews.
  • Provide guidance on business continuity and disaster recovery planning.
  • Advise on vendor security assessments and third-party risk management.
  • Design and deliver company-wide security awareness training programmes.
  • Mentor and upskill internal staff on security best practices.
  • Foster a security-first culture across all departments.
  • Act as a trusted advisor to leadership on emerging threats and security trends.
  • Report regularly to the CTO on security posture, risks, and programme progress.
  • Prepare board-level security presentations as required.
  • Support commercial teams by contributing to customer security discussions when escalated.

What We're Looking For

  • 8+ years of progressive experience in information security.
  • At least 3 years in a CISO, Head of Security, or senior security leadership role.
  • Demonstrated experience in B2B SaaS environments, ideally in fintech, finance software, or similarly regulated industries.
  • Proven track record of achieving and maintaining ISO 27001 certification.
  • Experience preparing organisations for SOC 2 Type II certification.
  • Hands-on experience securing cloud environments (Azure and/or AWS required).
  • Experience with Google Workspace security configuration and administration.
  • Background working with distributed, remote-first engineering teams.
  • Strong understanding of cloud security architecture, identity management, and zero-trust principles.
  • Familiarity with secure software development lifecycle (SDLC) and DevSecOps practices.
  • Knowledge of MDM solutions.
  • Understanding of API security and integration risk management.
  • Practical experience with security tooling: SIEM, vulnerability scanners, endpoint protection, etc.
  • Deep knowledge of ISO 27001:2022 requirements and audit processes.
  • Familiarity with SOC 2 Trust Service Criteria (Security, Availability, Confidentiality, Privacy).
  • Understanding of GDPR, UK Data Protection Act, and international data transfer mechanisms.
  • Awareness of regional requirements across EU, UK, US, Australia, New Zealand, Canada, and South Africa.

Nice to Have

  • GCP experience a plus.
  • VMware Workspace ONE experience preferred.
  • Awareness of AI/ML security risks, including secure AI adoption practices and emerging AI governance frameworks.

Technical Stack

  • Cloud: Azure, AWS, Google Workspace
  • MDM: VMware Workspace ONE
  • Security Tooling: SIEM, Vulnerability Management, Endpoint Protection

Team & Environment

This role reports directly to the CTO.

Benefits & Compensation

  • 26 days paid time off
  • 1 additional day off for your Birthday
  • Remote office assistance
  • Service years recognition financial reward

Work Mode

This is a global role.

Required Skills

Cybersecurity Strategy, Risk Management, Compliance, Incident Response, Security Architecture, Azure, AWS, SIEM, Vulnerability Management, Endpoint Protection, Google Workspace, VMware Workspace ONE, Security Frameworks, Team Leadership, Vendor Management
About company
Trella Health

Trella Health provides unmatched, actionable market intelligence to post-acute care and value-based care providers of all sizes. Our industry leading analytics paired with CRM and EHR integration workflows positions us as the most advanced sales enablement platform for the post-acute care market.

Job Details
Category security
Posted 3 months ago