Elevate your campus experience through transformative payments and credential-driven transactions and privileges.
Chief Information Security Officer (CISO)
Location
United States
Posted
53 days ago
Salary
$200K - $280K / year
Seniority
Lead
Job Description
Chief Information Security Officer (CISO)
Transact Campus
Chief Information Security Officer (CISO)
Illumia | A Roper Technologies Portfolio Company
Remote-Friendly

About Illumia
Illumia empowers education, healthcare, and corporate enterprises with secure, intelligent technology that streamlines operations and enriches experiences for everyone they serve. Formed by the merger of Transact and CBORD, Illumia is a portfolio company of Roper Technologies (NYSE: ROP) serving more than 1,750 client institutions across higher education, healthcare, corporate, and senior living markets. Illumia serves over 12 million students, facilitates over $58 billion in transactions annually, and connects more than 1,100 colleges and universities through over 300 technology and integration partners. We operate across three business units — Campus ID and Commerce, Integrated Payments, and Healthcare — with a portfolio spanning campus identity and access, commerce and payments, food and nutrition management, and data analytics. As a registered partner and ISO of Elavon (U.S. Bancorp), Illumia operates at the intersection of institutional technology and regulated financial services.

Our values are Authenticity, Responsibility, Passion, and Excellence. At Illumia, we believe diverse perspectives make us stronger as a team and as a technology partner. We are committed to building an inclusive workplace where people of all backgrounds feel valued, respected, and empowered to do their best work.

Position Summary
The CISO is a senior technology leader responsible for Illumia’s enterprise-wide information security strategy, program, and culture. Reporting to the CTO, this role serves as the company’s top security leader — translating cyber risk into business language, protecting customer and institutional data, enabling compliant product growth, and building a world-class security organization.

This is both a transformation and leadership role. The CISO will unify two legacy security programs (Transact and CBORD) into a single, cohesive operating model while maintaining continuous compliance and operational readiness. The ideal candidate thrives in complex, multi-product SaaS environments, understands how security is evolving in an AI-first world, and can operate confidently in the boardroom while remaining deeply trusted by engineering and product teams.

Security Program
Illumia follows NIST’s cybersecurity framework and maintains a public Security and Trust Center (trustcenter.illumiatech.com). Current certifications and compliance posture include:
- SOC 2 Type I and Type II (including SOC 2+ HITRUST Type II for healthcare products)
- PCI DSS v4.0.1 across multiple product lines; listed on Visa’s Global Registry of Service Providers
- TX-RAMP and GovRAMP authorizations
- HIPAA Security Compliance for healthcare products

The CISO will inherit this foundation and be expected to evaluate, evolve, and unify it into a single enterprise-class security operation.

Key Responsibilities
- Define and evolve a multi-year enterprise security roadmap across all three business units, aligned to business objectives and risk appetite
- Serve as primary security advisor to the executive leadership team and primary security liaison to Roper Technologies
- Lead the unification of security programs, toolsets, and policies inherited from Transact and CBORD
- Lead Security Operations, GRC, Application Security, and Cloud Security functions
- Own SOC 2, PCI DSS, HITRUST, TX-RAMP, GovRAMP, FERPA, and HIPAA compliance programs
- Secure SaaS platforms and cloud environments through secure SDLC, vulnerability management, and penetration testing programs
- Partner with Engineering and Product to embed security by design without impeding delivery velocity
- Establish AI security governance to manage AI tool adoption and AI-specific risks across the organization
- Lead or manage security operations (SIEM, EDR, XDR, threat intelligence) through in-house, MSSP, or hybrid models
- Own the incident response program and business continuity / disaster recovery testing
- Oversee corporate IT security including endpoint protection, patch management, and identity hygiene
- Establish cross-business unit security governance to drive consistency while accommodating domain-specific requirements
- Recruit, develop, and retain a high-performing security team; manage external vendors, MSSPs, and auditors
- Maintain and evolve the public Security and Trust Center

Required Experience
- 12+ years in information security, with 4+ years as CISO, Deputy CISO, or VP of Security
- Proven leadership at a B2B SaaS or cloud-native company; experience scaling security through mergers, acquisitions, or platform consolidation
- Deep expertise in cloud security architecture (AWS, Azure, and/or GCP), secure SDLC, and modern threat detection and response
- Hands-on leadership of SOC 2 Type II and PCI DSS audits; PCI Level 1 experience strongly valued. HITRUST, GovRAMP, or TX-RAMP experience is a plus
- Experience with FERPA, HIPAA, or other education and healthcare regulatory frameworks
- Demonstrated ability to communicate security risk to non-technical executives, boards, and parent company leadership
- Track record building and scaling security teams, including organizational design and vendor management
- Experience in a portfolio company or PE-backed environment is a plus

Education and Certifications
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field required; Master’s or MBA preferred
- CISSP, CISM, CCSP, CISA, CRISC, or CCISO strongly preferred

Security Technology Experience
Experience with modern security platforms across cloud security (Wiz, Prisma Cloud, or equivalent), endpoint/XDR (CrowdStrike, SentinelOne, or equivalent), SIEM/SOAR, identity/IAM, application security (SAST/DAST), GRC automation, and patch management. Familiarity with AI security governance tools and Zero Trust architecture frameworks preferred.

Leadership Qualities
We hire and develop people who are humble, hungry, and smart — and we hold our leaders to the highest standard across all three.
- Humble: They lack excessive ego or concerns about status
- Hungry: They are always looking for more — more things to do, more to learn, more responsibility to take on
- Smart: They have common sense about people, dealing with others in the most effective way, and picking up on the needs and feelings of others

Core Competencies
- Executive presence with the ability to build trust at the C-suite level, with parent company leadership, and across business units
- Strong business acumen — understands how security decisions impact revenue, customer trust, and institutional relationships
- Exceptional communication: able to explain complex security concepts in plain language to diverse audiences
- Collaborative leader who can influence without authority and build bridges across security, engineering, product, legal, and sales
- Resilient under pressure with sound judgment in high-stakes incident scenarios
- Comfortable operating in a post-merger environment where ambiguity is high and organizational norms are still being established

Location
Remote-friendly with regular travel expectations. Illumia’s teams are distributed across Atlanta, GA; Phoenix, AZ; Ithaca, NY; and international offices in Australia, Ireland, and India. Quarterly on-site engagement, incident response availability, and participation in Roper Technologies events (including the annual Cyber Summit) are expected.

Compensation
Illumia offers a competitive executive compensation package including base salary, performance-based incentive, and comprehensive benefits. Compensation will be discussed in detail during the recruitment process and will reflect the scope of the role, individual qualifications, and market data.

Equal Opportunity and Accommodations
Illumia is an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, genetic information, marital status, or any other characteristic protected by applicable law. We are committed to providing reasonable accommodations to qualified individuals with disabilities throughout the hiring process.
More Security Engineer Jobs
Principal Cyber Risk Advisor, Cybersecurity M&A
General Electric - GE
Built on more than 130 years of experience, GE Vernova, a division of General Electric (GE), is leading a new era of energy by electrifying the world while work
• Lead cybersecurity due diligence for acquisitions, divestitures, carve-outs, joint ventures, minority investments, and other strategic transactions across GE Vernova’s global portfolio.
• Serve as a primary cybersecurity lead across the transaction lifecycle, from early-stage diligence and pre-sign assessments through closing, Day 1 readiness, and 30/60/100-day execution.
• Represent the Cyber function holistically in M&A activities, while assessing risks and ensuring alignment with GE Vernova cybersecurity standards, controls, playbooks, and strategic priorities.
• Lead cyber diligence activities aligned to recognized frameworks and standards, including NIST CSF, NIST SP 800-53, NIST SP 800-171, and NIST SP 800-82, while applying GE Vernova cybersecurity practices and expectations.
• Quantify cyber risk and remediation requirements and translate findings into business terms, including transaction risk, remediation investment, Day 1 requirements, TSA needs, and post-close priorities.
• Drive Day 1 cybersecurity readiness, including minimum control requirements, risk-based exceptions, interim safeguards, and stabilization planning.
• Build and execute 30/60/100-day cybersecurity integration or separation plans and support long-term roadmap development.
• Develop and maintain repeatable playbooks, templates, and standards for cyber diligence, integration, separation, and post-close execution.
• Lead safe, practical strategies for OT/ICS integration and separation, including segmentation, cyber resilience, and operational continuity considerations.
• Establish secure data-sharing, clean-room, and transaction confidentiality protocols in partnership with Legal, Privacy, and other stakeholders.
• Partner closely with Digital Technology M&A/PMO, Business Development, Legal, Privacy, Finance, Insurance, Sourcing, business leaders, and cybersecurity teams across GE Vernova.
• Lead and manage external cybersecurity advisors and service providers supporting diligence, testing, regulatory advisory, and execution activities.
• Prepare executive-ready cyber risk summaries, decision materials, and recommendations for senior stakeholders.
• Track and report key performance indicators related to diligence quality, execution speed, Day 1 readiness, TSA reduction, and post-close remediation progress.
• Help define and advance AI use cases for cybersecurity M&A, including opportunities to improve diligence efficiency, risk analysis, control mapping, remediation prioritization, and integration planning, in alignment with GE Vernova governance and responsible AI requirements.
Senior Cyber Security Engineer
General Electric - GE
Built on more than 130 years of experience, GE Vernova, a division of General Electric (GE), is leading a new era of energy by electrifying the world while work
• Lead key product cyber security programs from inception through completion, ensuring alignment with key stakeholders, business priorities, regulatory requirements, and product roadmaps
• Assess current product security posture against applicable regulatory requirements, identify gaps, and develop structured remediation plans and roadmaps
• Lead the effort to achieve and/or maintain standards-based certification for the product security program and/or specific Wind products
• Manage audit preparation activities, including coordination with internal auditors and third-party certification bodies, evidence collection, and providing responses to findings
• Support and/or drive the development, maintenance, and usage of internal tools for product security
• Design, develop, and support OT/ICS cybersecurity solutions for wind farms, based on customer requests, regulatory requirements, and commercial strategy
• Design, develop, and implement cybersecurity solutions and controls that address identified risks, vulnerabilities, and gaps across Wind’s products
• Lead root cause analysis efforts for security vulnerabilities and non-conformities
• Support incident response activities related to product security vulnerabilities
Security Engineer – AI
Best Friends Animal Society
Our mission is to bring about a time when there are No More Homeless Pets.
• Implement and maintain security controls for enterprise AI tools, including Microsoft Copilot and other AI-enabled SaaS platforms.
• Support the secure onboarding, configuration, and monitoring of AI features and other enterprise SaaS platforms.
• Enforce data access boundaries and usage restrictions for AI tools based on data classification and identity.
• Assist in reviewing custom AI use cases and integrations for security risks, including data exposure through prompts or outputs, improper access to sensitive information, and misuse of AI-driven automation.
• Design, review, and enforce security controls for enterprise AI platforms, including productivity copilots, internal large language models (LLMs), and third-party AI services.
• Partner with security engineering and cloud teams to secure AI infrastructure.
• Participate in architecture and security design reviews for AI-enabled systems prior to production deployment, ensuring appropriate guardrails for data exposure.
• Support secure configuration for AI agent usage and implement monitoring and audit logging for AI interactions and tool usage.
• Design and implement security controls for AI systems leveraging the Model Context Protocol (MCP).
• Enforce least-privilege access for AI agents interacting with tools, APIs, and data sources.
• Secure AI data flows, including retrieval-augmented generation (RAG) pipelines.
• Expand logging and monitoring for AI platforms, cloud environments, and SaaS activity.
• Participate in incident response efforts by investigating security alerts and supporting response to incidents involving cloud, SaaS, and AI tools.
• Assist in developing and maintaining runbooks and response procedures for platform-related incidents.
• Partner with engineering teams to embed security into AI platform architectures.
• Support and assist with security reviews of cloud-hosted applications and services and overall application security.
• Support identity and access management controls across cloud platforms, SaaS applications, AI tools, and integrations.
• Implement and maintain role-based access controls (RBAC), least-privilege access models, and conditional access and MFA policies.
• Assist with access reviews and security remediation efforts.
• Contribute to the development and maintenance of security standards and technical guidelines.
• Provide security input to IT, Cloud, and Application teams during solution design and implementation.
• Document configurations, processes, and operational procedures related to security controls.
• Provide practical, security-focused guidance to engineering, IT, and business teams on safe AI usage.
• Oversee and enforce security policies, protocols, and compliance requirements
• Execute and document security audits
• Assist in investigations of security incidents and breaches
• Ensure adherence to mandated security standards



