Search all jobs
Browse jobs › Chief Information Security Officer

Chief Information Security Officer

Urbancompass · New York City · Posted Jul 2, 2026

Apply on company site   Track it in JobSkout

At Compass, our mission is to help everyone find their place in the world. Founded in 2012, we’re revolutionizing the real estate industry with our end-to-end platform that empowers residential real estate agents to deliver exceptional service to seller and buyer clients.

Role Executive Summary

Compass International Holdings is seeking a seasoned Chief Information Security Officer to own and evolve the enterprise security program.

This is an executive highly technical role at the intersection of security strategy, technology, and business — responsible for protecting Compass's platform, its agents, buyers, sellers, and the sensitive financial and personal data that flows through every transaction.

The CISO will report directly to the CTO and serve as the company's foremost authority on information security, risk management, and compliance. This leader will partner across Engineering, Product, Legal, and Finance to embed security into the DNA of how Compass builds and operates.

You will lead a distributed team of security professionals across multiple time zones to support the organization, our customers, and partners. Your day to day includes mentor and sponsorship, assessment on security and risk management from technical implementations to strategic road maps, and drive key initiatives for Enterprise Technology, Security, and Compliance.

Engineering @ Compass International Holdings

Compass is building the first modern end-to-end real estate platform by integrating agents, buyers and sellers through technology. As one of the fastest growing technology companies of our generation, in an industry larger than any other, we have an opportunity and obligation to build a world-class security team to secure the operating platform that will transform real estate.

What You'll Own

Design and drive a comprehensive, enterprise-wide information security and risk management program — covering integrity, confidentiality, and availability of all data owned, processed, or controlled by Compass and its affiliates, including Title Escrow, Brokerage, and Technology platforms

Lead all critical security domains: incident response, application security, threat intelligence, monitoring and detection, security engineering, information governance, and product security

Establish and maintain SOX-compliant internal controls and ensure ongoing CPRA compliance, with direct accountability to audit and regulatory requirements

Build and continuously mature a distributed team of security professionals, including performance management, succession planning, and organizational development

Serve as the primary security voice to the Board, executive leadership, regulators, investment partners, and external customers — including public defense of the company's security posture when required

Define the security roadmap and operating model for a company that spans agents, buyers, sellers, and technology platforms across the full real estate transaction lifecycle

Partner closely with Engineering and Product to ensure all applications and services are built on secure-by-default principles across people, processes, and technology

Strengthen third-party and vendor security controls as Compass scales its ecosystem of affiliated businesses and technology integrations

Who You Are

Technical Depth

12+ years of technical experience in software, systems, or security engineering, with a deep command of security architecture and Computer Science fundamentals

Technical roots preferred — candidates with hands-on engineering or security engineering backgrounds are strongly favored, though exceptional leaders who have built and maintained technical credibility through other means will be considered

Security Leadership

10+ years of senior security leadership experience within a complex, global technology organization — ideally in a publicly traded company with international scope

Mastery across multiple security domains with deep expertise in Computer Science and Business Systems

Demonstrated expertise across the full security stack: AppSec, cloud security, identity, GRC, threat modeling, incident response, and security operations

Hands-on experience building and operating SOX-compliant programs and deep familiarity with CPRA and related privacy regulations

Product Platform Experience

Experience in a product-led business, ideally a web product responsible for hosting and protecting sensitive customer data at scale

Cloud-native/SaaS-first fluency — deep familiarity operating in modern infrastructure environments (AWS, GCP, or Azure) with a security posture built for cloud from the ground up

Risk Business Acumen

Data and metrics-driven approach to risk — ability to quantify, prioritize, and communicate security risk using a structured, evidence-based framework

Track record of translating security strategy into measurable business value, with a data-first approach to communicating risk to non-technical stakeholders

Ability to operate …

Apply on company site