Chief Information Security Officer (CISO)

About Lumafield: Lumafield was founded in 2019 to upgrade manufacturing. We are engineers with deep experience across the product development cycle, from initial ideas to shipping hardware, across industries and specializations, who became frustrated by the cost and complexity of modern manufacturing. So we decided to upgrade it. Engineers make million-dollar decisions every day, and they need tools that give them the greatest possible insight into their products. By offering unprecedented visibility into products, as well as AI-driven tools that highlight problems and generate quantitative data, Lumafield promises to revolutionize the way complex products are created, manufactured, and used across industries. We started with industrial CT scanning, which for us was the most valuable but underutilized tool in the manufacturing toolbox, enabling us to rapidly inspect essential components non-destructively. We rebuilt the whole system, from X-ray capture, to computer vision analysis, to web-based collaboration, to the entire business model, making the most advanced manufacturing tech more accessible to every industry. Our company, like our platform, is designed for upgrades. We’re building for greater intelligence, autonomy, and speed. For deeper vision, operational excellence, and powerful insights. And then we'll upgrade it all again. Lumafield is headquartered in Cambridge, MA, and has an office in San Francisco, CA. About the role: As CISO, you will own Lumafield's security function end-to-end—from cloud infrastructure and product security to customer data protection and regulatory compliance. This is a rare opportunity to define security culture and architecture at a high-growth company whose customers share some of the most sensitive intellectual property in the world: proprietary product designs, internal manufacturing processes, and competitive R&D data. You will report directly to the CEO, and partner closely with Engineering, Product, Operations, and Sales to make sure security enables the business rather than slows it down. Lumafield offers both competitive cash and equity compensation, as well as a health & wellness stipend, 401k, parental leave, flexible PTO, commuter benefits, company wide events and more! Lumafield is committed to building a team that represents a variety of backgrounds, perspectives, and skills, because the more inclusive we are, the better our work will be. Do you feel like your skills don’t meet every single requirement listed? We encourage you to apply anyway – If you’re excited about our technology, the opportunity, and are eager to learn more we’d love to hear from you! In keeping with our beliefs and goals, no employee or applicant will face discrimination or harassment based on: race, color, ancestry, national origin, religion, age, gender, marital domestic partner status, sexual orientation, gender identity, disability, genetic information or veteran status. Reach out if you want to be a part of what we are building. What you'll do: Define and execute Lumafield's multi-year information security strategy, aligning it with business objectives and customer trust requirements Own security architecture for Voyager, our cloud-based CT analysis platform, including data storage, access controls, API security, and multi-tenant isolation Embed security into the SDLC by partnering with Engineering and DevOps on threat modeling, secure code review, vulnerability management, and penetration testing Extend security best practices to Lumafield's hardware products and firmware, including the Neptune and Triton scanner families Lead and maintain compliance certifications (SOC 2 Type II, ISO 27001) and oversee ongoing adherence to ITAR/EAR requirements across our export-controlled facility and customer engagements Be an integral part of our enterprise sales process — handle security questionnaires, support complex sales cycles, and build trust with InfoSec teams at major manufacturers Build and continuously test Lumafield's incident response plan; own the enterprise risk register and manage third-party vendor risk Champion a security-first culture through training, clear policies, and acting as a pragmatic advisor to business stakeholders About you: 10+ years of progressive experience in information security, with at least 3 years in a senior leadership role (CISO, VP of Security, or equivalent) Demonstrated success building or significantly maturing a security program at a high-growth technology company Deep expertise in cloud security, particularly AWS, including IAM, network security, data encryption, and cloud-native security tooling Strong working knowledge of compliance frameworks: SOC 2, ISO 27001, CMMC, FEDRAMP, and ITAR/EAR Track record of leading incident response for significant security events Excellent communicator — able to translate complex security risk into clear business terms for the leadership team, customers, and cross-functional partners Experience managing security in enterprise sales cycles, including responding to customer security questionnaires and participating in procurement reviews Bonus points: Background in industrial technology, hardware/IoT security, or manufacturing sectors Experience with medical device, aerospace, or defense industry compliance requirements Prior experience as a first or early CISO, comfortable operating with both strategic vision and hands-on execution Relevant certifications: CISSP, CISM, CCSP, or equivalent

{
  "content_hash": "7b57f19fd830570a915eb42ff5293ad107bb13a7e55c910f6dc284ab0d89487f",
  "source_hash": "bf984adcddca0f13fce3a01d41e0d032c06fae3c4bb233f2b72009fe2aeb6c9e",
  "last_changed_at": "2026-05-29T07:08:19.095Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "San Francisco, CA",
    "city": "San Francisco",
    "region": "CA",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.9
  },
  "salary_max": 220000,
  "salary_min": 180000,
  "inferred_at": "2026-06-06T19:44:26.464Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "San Francisco, CA",
      "city": "San Francisco",
      "region": "CA",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.9
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": null,
  "salary_period": "year",
  "workplace_type": "on_site",
  "salary_currency": "USD"
}

{}

{
  "lists": [
    {
      "text": "What you'll do: ",
      "content": "\n<li>Define and execute Lumafield's multi-year information security strategy, aligning it with business objectives and customer trust requirements</li>\n<li>Own security architecture for Voyager, our cloud-based CT analysis platform, including data storage, access controls, API security, and multi-tenant isolation</li>\n<li>Embed security into the SDLC by partnering with Engineering and DevOps on threat modeling, secure code review, vulnerability management, and penetration testing</li>\n<li>Extend security best practices to Lumafield's hardware products and firmware, including the Neptune and Triton scanner families</li>\n<li>Lead and maintain compliance certifications (SOC 2 Type II, ISO 27001) and oversee ongoing adherence to ITAR/EAR requirements across our export-controlled facility and customer engagements</li>\n<li>Be an integral part of our enterprise sales process — handle security questionnaires, support complex sales cycles, and build trust with InfoSec teams at major manufacturers</li>\n<li>&nbsp;Build and continuously test Lumafield's incident response plan; own the enterprise risk register and manage third-party vendor risk</li>\n<li>Champion a security-first culture through training, clear policies, and acting as a pragmatic advisor to business stakeholders</li>\n"
    },
    {
      "text": "About you: ",
      "content": "\n<li>10+ years of progressive experience in information security, with at least 3 years in a senior leadership role (CISO, VP of Security, or equivalent)</li>\n<li>Demonstrated success building or significantly maturing a security program at a high-growth technology company</li>\n<li>Deep expertise in cloud security, particularly AWS, including IAM, network security, data encryption, and cloud-native security tooling</li>\n<li>Strong working knowledge of compliance frameworks: SOC 2, ISO 27001, CMMC, FEDRAMP, and ITAR/EAR</li>\n<li>Track record of leading incident response for significant security events</li>\n<li>Excellent communicator — able to translate complex security risk into clear business terms for the leadership team, customers, and cross-functional partners</li>\n<li>Experience managing security in enterprise sales cycles, including responding to customer security questionnaires and participating in procurement reviews</li>\n"
    },
    {
      "text": "Bonus points: ",
      "content": "\n<li>Background in industrial technology, hardware/IoT security, or manufacturing sectors</li>\n<li>Experience with medical device, aerospace, or defense industry compliance requirements</li>\n<li>Prior experience as a first or early CISO, comfortable operating with both strategic vision and hands-on execution</li>\n<li>Relevant certifications: CISSP, CISM, CCSP, or equivalent</li>\n"
    }
  ],
  "country": "US",
  "createdAt": 1775225541253,
  "updatedAt": null,
  "categories": {
    "team": "Engineering",
    "location": "San Francisco, CA",
    "commitment": "Full Time",
    "department": "Engineering",
    "allLocations": [
      "San Francisco, CA"
    ]
  },
  "salaryRange": {
    "max": 220000,
    "min": 180000,
    "currency": "USD",
    "interval": "per-year-salary"
  },
  "workplaceType": "onsite"
}