About Lumafield:
Lumafield was founded in 2019 to upgrade manufacturing.
We are engineers with deep experience across the product development cycle, from initial ideas to shipping hardware, across industries and specializations, who became frustrated by the cost and complexity of modern manufacturing. So we decided to upgrade it.
Engineers make million-dollar decisions every day, and they need tools that give them the greatest possible insight into their products. By offering unprecedented visibility into products, as well as AI-driven tools that highlight problems and generate quantitative data, Lumafield promises to revolutionize the way complex products are created, manufactured, and used across industries. We started with industrial CT scanning, which for us was the most valuable but underutilized tool in the manufacturing toolbox, enabling us to rapidly inspect essential components non-destructively.
We rebuilt the whole system, from X-ray capture, to computer vision analysis, to web-based collaboration, to the entire business model, making the most advanced manufacturing tech more accessible to every industry. Our company, like our platform, is designed for upgrades. We’re building for greater intelligence, autonomy, and speed. For deeper vision, operational excellence, and powerful insights. And then we'll upgrade it all again.
Lumafield is headquartered in Cambridge, MA, and has an office in San Francisco, CA.
About the role:
As CISO, you will own Lumafield's security function end-to-end—from cloud infrastructure and product security to customer data protection and regulatory compliance. This is a rare opportunity to define security culture and architecture at a high-growth company whose customers share some of the most sensitive intellectual property in the world: proprietary product designs, internal manufacturing processes, and competitive R&D data.
You will report directly to the CEO, and partner closely with Engineering, Product, Operations, and Sales to make sure security enables the business rather than slows it down.
Define and execute Lumafield's multi-year information security strategy, aligning it with business objectives and customer trust requirements
Own security architecture for Voyager, our cloud-based CT analysis platform, including data storage, access controls, API security, and multi-tenant isolation
Embed security into the SDLC by partnering with Engineering and DevOps on threat modeling, secure code review, vulnerability management, and penetration testing
Extend security best practices to Lumafield's hardware products and firmware, including the Neptune and Triton scanner families
Lead and maintain compliance certifications (SOC 2 Type II, ISO 27001) and oversee ongoing adherence to ITAR/EAR requirements across our export-controlled facility and customer engagements
Be an integral part of our enterprise sales process — handle security questionnaires, support complex sales cycles, and build trust with InfoSec teams at major manufacturers
Build and continuously test Lumafield's incident response plan; own the enterprise risk register and manage third-party vendor risk
Champion a security-first culture through training, clear policies, and acting as a pragmatic advisor to business stakeholders
10+ years of progressive experience in information security, with at least 3 years in a senior leadership role (CISO, VP of Security, or equivalent)
Demonstrated success building or significantly maturing a security program at a high-growth technology company
Deep expertise in cloud security, particularly AWS, including IAM, network security, data encryption, and cloud-native security tooling
Strong working knowledge of compliance frameworks: SOC 2, ISO 27001, CMMC, FedRAMP, and ITAR/EAR
Track record of leading incident response for significant security events
Excellent communicator — able to translate complex security risk into clear business terms for the leadership team, customers, and cross-functional partners
Experience managing security in enterprise sales cycles, including responding to customer security questionnaires and participating in procurement reviews
Background in industrial technology, hardware/IoT security, or manufacturing sectors
Experience with medical device, aerospace, or defense industry compliance requirements
Prior experience as a first or early CISO, comfortable operating with both strategic vision and hands-on execution
Relevant certifications: CISSP, CISM, CCSP, or equivalent