Fractional CISO (Regulated SaaS)
Verixa
Job Description
Navira Quality Systems (Verixa platform) · Remote (India-led) · Fractional / Part-Time
Part-time security leadership · ISO 27001 & SOC 2 · 9–12 month retainer · ~4–6 days/month · Remote
About Navira Quality Systems:
Navira Quality Systems is the company behind Verixa — an AI-governed Quality Management System (eQMS) purpose-built for pharmaceutical, biotech, and other regulated life-sciences organisations. Verixa brings validation, quality, documentation, and audit-readiness into one modern, compliant platform designed around 21 CFR Part 11, EU Annex 11, ISO, and emerging AI-governance expectations. We are a focused, fast-moving team building software where quality and trust are the product.
About The Role:
We're looking for a hands-on Fractional CISO to own our information-security program end-to-end and drive Verixa to ISO 27001 and SOC 2 readiness. Verixa's technical security controls are already strong and implemented in code; your mandate is to build the management system around them — policies, risk management, evidence, and governance — and lead the organisation through certification.
What You'll Do:
- Own the ISO 27001 readiness program: ISMS scope, Statement of Applicability, information-security risk register and treatment plan, asset inventory, and the supporting policy suite.
- Own SOC 2 Type I readiness: system description, management assertion, evidence pack, and auditor selection.
- Drive the security evidence program: access reviews, restore/DR and incident-response tabletops, training, vendor/subprocessor risk and DPAs, and monitoring.
- Direct penetration-test defect remediation and formal risk-acceptance decisions, with retest sign-off.
- Select and manage the certification body (ISO) and CPA firm (SOC 2), targeting a combined-audit path where possible.
- Act as security counterpart for design-partner due diligence — security questionnaires and trust narrative.
- Run a quarterly security review with the leadership team.
What we are Looking for?
- 10+ years in information security, including 2+ ISO 27001 certifications led as implementer/CISO (not audit-only).
- SOC 2 program ownership.
- Fluency across a modern SaaS / cloud-native stack.
- Strong security-policy authorship and vendor/subprocessor risk-program experience.
Nice to Have:
- Regulated life-sciences or GxP SaaS exposure.
- ISO 42001 / AI-governance awareness.
- Working knowledge of India's DPDP Act 2023 and GDPR.
- Experience presenting to enterprise pharma procurement / security teams.
Engagement Details:
- Fractional engagement on a monthly retainer (part-time security leadership).
- Term: 9–12 months through the certification window; 30-day notice.
- Commitment: ~4–6 days/month during the build, ~2–3 days/month in steady-state; occasional US audit-facing hours.
- Location: remote-first, India-led.
- Compensation: competitive retainer, commensurate with experience.
- A confidentiality agreement (NDA) is signed before access is granted.
Why This Role?
Own a certification program from scratch on a platform where security is central to the value proposition. It's a high-autonomy, high-impact fractional mandate for a builder who has taken organisations through ISO and SOC 2 before.
How to Apply?
Send your CV/profile and a short note on relevant experience to [email protected] with the subject line “Fractional CISO – Verixa”, or apply directly through this LinkedIn post. We review applications on a rolling basis.
Navira Quality Systems is an equal-opportunity organisation. We welcome applicants of all backgrounds and are committed to a fair, inclusive hiring process.
Required Skills
Similar Jobs
View all →
General Manager - Cybersecurity Governance, Resilience and Cyber Trust
BharatPe
Senior AI Defense Engineer
WilmerHale
Technical Product Manager
MetricStream
Risk Consulting - Digital Risk - Manager - Cyber
EY
Risk Consulting - Digital Risk - Senior - Cyber
EY
Similar Jobs
View all →
General Manager - Cybersecurity Governance, Resilience and Cyber Trust
BharatPe
Gurugram
Senior AI Defense Engineer
WilmerHale
Technical Product Manager
MetricStream
Bengaluru
Risk Consulting - Digital Risk - Manager - Cyber
EY
Coimbatore
Risk Consulting - Digital Risk - Senior - Cyber
EY
CoimbatoreShare
Quick Apply
Upload your resume to apply for this position