Chief Information Security Officer
Urbancompass · New York City · Posted Jul 2, 2026
Apply on company site Track it in JobSkout
At Compass, our mission is to help everyone find their place in the world. Founded in 2012, we’re revolutionizing the real estate industry with our end-to-end platform that empowers residential real estate agents to deliver exceptional service to seller and buyer clients.
Role Executive Summary
Compass International Holdings is seeking a seasoned Chief Information Security Officer to own and evolve the enterprise security program.
This is an executive highly technical role at the intersection of security strategy, technology, and business — responsible for protecting Compass's platform, its agents, buyers, sellers, and the sensitive financial and personal data that flows through every transaction.
The CISO will report directly to the CTO and serve as the company's foremost authority on information security, risk management, and compliance. This leader will partner across Engineering, Product, Legal, and Finance to embed security into the DNA of how Compass builds and operates.
You will lead a distributed team of security professionals across multiple time zones to support the organization, our customers, and partners. Your day to day includes mentor and sponsorship, assessment on security and risk management from technical implementations to strategic road maps, and drive key initiatives for Enterprise Technology, Security, and Compliance.
Engineering @ Compass International Holdings
Compass is building the first modern end-to-end real estate platform by integrating agents, buyers and sellers through technology. As one of the fastest growing technology companies of our generation, in an industry larger than any other, we have an opportunity and obligation to build a world-class security team to secure the operating platform that will transform real estate.
What You'll Own
Design and drive a comprehensive, enterprise-wide information security and risk management program — covering integrity, confidentiality, and availability of all data owned, processed, or controlled by Compass and its affiliates, including Title Escrow, Brokerage, and Technology platforms
Lead all critical security domains: incident response, application security, threat intelligence, monitoring and detection, security engineering, information governance, and product security
Establish and maintain SOX-compliant internal controls and ensure ongoing CPRA compliance, with direct accountability to audit and regulatory requirements
Build and continuously mature a distributed team of security professionals, including performance management, succession planning, and organizational development
Serve as the primary security voice to the Board, executive leadership, regulators, investment partners, and external customers — including public defense of the company's security posture when required
Define the security roadmap and operating model for a company that spans agents, buyers, sellers, and technology platforms across the full real estate transaction lifecycle
Partner closely with Engineering and Product to ensure all applications and services are built on secure-by-default principles across people, processes, and technology
Strengthen third-party and vendor security controls as Compass scales its ecosystem of affiliated businesses and technology integrations
Who You Are
Technical Depth
12+ years of technical experience in software, systems, or security engineering, with a deep command of security architecture and Computer Science fundamentals
Technical roots preferred — candidates with hands-on engineering or security engineering backgrounds are strongly favored, though exceptional leaders who have built and maintained technical credibility through other means will be considered
Security Leadership
10+ years of senior security leadership experience within a complex, global technology organization — ideally in a publicly traded company with international scope
Mastery across multiple security domains with deep expertise in Computer Science and Business Systems
Demonstrated expertise across the full security stack: AppSec, cloud security, identity, GRC, threat modeling, incident response, and security operations
Hands-on experience building and operating SOX-compliant programs and deep familiarity with CPRA and related privacy regulations
Product Platform Experience
Experience in a product-led business, ideally a web product responsible for hosting and protecting sensitive customer data at scale
Cloud-native/SaaS-first fluency — deep familiarity operating in modern infrastructure environments (AWS, GCP, or Azure) with a security posture built for cloud from the ground up
Risk Business Acumen
Data and metrics-driven approach to risk — ability to quantify, prioritize, and communicate security risk using a structured, evidence-based framework
Track record of translating security strategy into measurable business value, with a data-first approach to communicating risk to non-technical stakeholders
Ability to operate …