Chief Information Security Officer (CISO)
USA IL Chicago 205 N Michigan Ave
Baker Tilly
Baker Tilly US, LLP (Baker Tilly) is a leading advisory, tax and assurance firm whose specialized professionals guide clients through an ever-changing business world, helping them win now and anticipate tomorrow. Baker Tilly is a leading advisory, tax and assurance firm, providing clients with a genuine coast-to-coast and global advantage in major regions of the U.S. and in many of the world’s leading financial centers – New York, London, San Francisco, Los Angeles, Chicago and Boston. Baker Tilly Advisory Group, LP and Baker Tilly US, LLP (Baker Tilly) provide professional services through an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable laws, regulations and professional standards. Baker Tilly US, LLP is a licensed independent CPA firm that provides attest services to its clients. Baker Tilly Advisory Group, LP and its subsidiary entities provide tax and business advisory services to their clients. Baker Tilly Advisory Group, LP and its subsidiary entities are not licensed CPA firms.
Baker Tilly Advisory Group, LP and Baker Tilly US, LLP, trading as Baker Tilly, are independent members of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 141 territories, with 43,000 professionals and a combined worldwide revenue of $5.2 billion. Visit bakertilly.com or join the conversation on LinkedIn, Facebook and Instagram.
Please discuss the work location status with your Baker Tilly talent acquisition professional to understand the requirements for an opportunity you are exploring.
Baker Tilly is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability or protected veteran status, gender identity, sexual orientation, or any other legally protected basis, in accordance with applicable federal, state or local law.
Any unsolicited resumes submitted through our website or to Baker Tilly Advisory Group, LP, employee e-mail accounts are considered property of Baker Tilly Advisory Group, LP, and are not subject to payment of agency fees. In order to be an authorized recruitment agency ("search firm") for Baker Tilly Advisory Group, LP, there must be a formal written agreement in place and the agency must be invited, by Baker Tilly's Talent Attraction team, to submit candidates for review via our applicant tracking system.
Job Description:
Are you a driven individual passionate about developing and implementing an enterprise-wide cybersecurity strategy? Do you enjoy leading an information security function and working with an entrepreneurial team? If yes, consider joining Baker Tilly as our Chief Information Security Officer (CISO). Baker Tilly is growing, and this newly created role will be part of our "C" level team and have a seat at the table working with many key stakeholders. Our Chief Information Security Officer (CISO) will develop and implement an enterprise-wide cybersecurity strategy, protecting the organization’s digital assets, intellectual property, and sensitive information. The CISO leads the information security function, assesses and manages cybersecurity risks, and ensures compliance with regulatory and industry standards. This role requires a forward-thinking leader who can balance the technical, strategic, and operational aspects of information security while aligning security initiatives with business goals.
Key Competencies this individual will possess include:
- Leadership and strategic thinking.
- Crisis management leadership skills.
- Strong risk assessment and mitigation skills.
- Ability to align security initiatives with business goals.
- Problem-solving and decision-making under pressure.
- Exceptional interpersonal, communication and collaboration skills.
Key Responsibilities include:
Strategic Leadership:
- Develop, implement, and maintain a comprehensive cybersecurity strategy that supports business objectives and reduces risk across the organization.
- Serve as the executive leader responsible for information security, guiding senior leadership on cybersecurity issues, governance, and risk management.
- Lead the security incident response program, including planning, detection, response, and recovery to cyber threats.

Risk Management & Compliance:
- Identify, assess, and mitigate security risks to the organization’s information systems and data.
- Lead the cybersecurity operations committee, providing the Chief Risk Officer and Chief Executive Officer with input into the enterprise risk management process.
- Inform the risk committee and board of directors, as appropriate, on cybersecurity risks, initiatives and material incidents.
- Measure and maintain compliance with relevant regulations, standards, and legal requirements (e.g., GDPR, HIPAA, SOX, PCI-DSS).
- Collaborate with legal, privacy, audit, information technology, compliance and other teams to ensure alignment between security practices, regulatory expectations and risk tolerance.

Security Operations:
- Oversee the day-to-day operations of the information security team, including monitoring, threat intelligence, incident response, and vulnerability management.
- Ensure the continuous improvement of security tools, technologies, and processes.
- Manage and oversee risk assessments, penetration testing, red teaming and audits to validate the organization’s security posture.

Security Architecture & Design:
- Collaborate with IT and engineering teams to integrate security into all system designs, architectures, and software development lifecycles.
- Ensure that security solutions align with the organization’s technical architecture, and emerging threats are proactively addressed.

Team Leadership & Development:
- Build and lead a high-performing information security team, fostering a culture of accountability, transparency, and innovation.
- Provide mentorship and guidance to the security team, helping them develop technical expertise and leadership skills.

Stakeholder Communication:
- Act as the spokesperson for cybersecurity within the organization, ensuring clear communication with executive leadership, the board of directors, and employees.
- Educate and raise awareness about security risks, policies, and practices across the organization.
- Engage with external partners, vendors, and regulators on security matters.

Vendor & Technology Management:
- Select and manage security technology vendors and third-party service providers.
- Evaluate emerging technologies and their relevance to the organization’s security needs.
Skills & Qualifications:
- Bachelor’s degree with a preferred emphasis in information technology, computer science, cybersecurity, privacy or related field.
- 10+ years of experience in cybersecurity, including at least 3 years as a chief information security officer.
- Strong understanding of risk management, cybersecurity governance, and regulatory compliance.
- Proven experience with incident response, disaster recovery, and business continuity planning. Prior experience leading an organization through a significant security incident and associated recovery.
- Expertise in security technologies, including cloud, data security, monitoring, and identity/access management.
- Excellent communication and presentation skills, with the ability to convey complex security issues to non-technical stakeholders. Significant experience working with business leaders and board directors on cybersecurity matters.
- Must be willing to travel up to 25-50% as needed to our offices and meet with key stakeholders, and work outside of core business hours as needed.