The Company
Gainsight, the world’s leading Customer Success platform, helps businesses drive efficient growth by unifying the post-sales customer journey.
Our innovative suite of solutions—including customer success, customer education, product experience, community management, and conversational AI insights—is trusted by companies of all sizes and industries, including nearly 200 publicly traded organizations.
With Gainsight, businesses can leverage AI-driven insights from real-time customer interactions to enhance engagement, improve retention, and drive expansion. Our platform makes it easier for customer success, product, and community teams to scale efficiently and gain a holistic view of their customers, driving product adoption and building thriving customer communities.
Gainsight joined the Vista Equity Partners portfolio in 2020. In 2021, we won their Excellence in Engineering award in recognition of our product and engineering advancements.
A remote-friendly company, we have offices in the US, UK, Netherlands, Israel, Japan, Poland, Mexico, and India.
Gainsight received the top spot in Glassdoor's Best Places to Work for 2023. It has also been named as one of the top 100 private cloud companies in the world by Forbes, one of the fastest-growing private companies in America by Inc. Magazine, and one of 20 Great Workplaces in Tech by Fortune Magazine.
Our Culture & Values
Gainsight is a place where innovation is shaped through collaboration, curiosity, and a shared focus on solving real-world problems. With a growing suite of products across customer success, product experience, community, education, and AI-powered relationship intelligence, we continue to evolve with the needs of our customers. When people with diverse strengths, a strong sense of community, and true passion for our mission come together, they drive greater impact and create lasting value. What underpins it all is a culture that offers the stability, trust, and support that people need - not just to do the job, but to show up as themselves and feel connected to the work they do. Gainsters love working here for several reasons. Here are a few:
Our Compensation and Benefits: At Gainsight, we believe great work happens when teammates feel fully supported.
In addition to competitive salary, we offer a comprehensive benefits package including fully covered medical premiums (employee-only), flexible PTO, 401(k) plan, dental and vision coverage, and remote work options. Additional benefits include a $10,000 lifetime fertility stipend and access to coworking spaces around the globe. You'll also enjoy dedicated Recharge Holidays - one long weekend each quarter to relax and reset.
Our Core Values: We are guided by our values and our mission to be living proof you can win in business while being Human-First. Learn more here.
Our Growth Opportunities: From mentoring to career development opportunities, we’re passionate about helping our teammates learn, grow, and thrive.
Our Parody Videos: No explanation needed. Just watch them here!
At Gainsight, our mission is to be living proof you can win in business while being human first.
The Opportunity
The Chief Information Security Officer (CISO) will lead the enterprise-wide cybersecurity program for a globally distributed, scaling platform inclusive of both network and product security.
This executive will unify and modernize a global security organization that has historically been based in India. The CISO will drive a cohesive global strategy around security operations, standardizing risk management across legacy environments, and building a resilient, forward-looking cyber strategy including the build-out of North American capabilities, with potential expansion into European capabilities.
The CISO will serve as a strategic thought partner to the senior leadership team, driving secure innovation and enabling business growth.
Reporting To: Paul Sheppard, Chief Financial Officer
Location:
Gainsight operates in a remote environment in the U.S., so location is flexible with travel to the India offices and other senior leadership and customer meetings as required. It’s likely this person will travel to India once per quarter.
Responsibilities:
Define the Global Program and Build North American Cyber Capabilities:
Assess the current security structure, posture, and team, formulating a perspective on what is being done well today and where there are areas for improvement. Build a North American based cyber function that will collaborate with stakeholders and the cyber team in India to holistically manage a global cyber program.
Strategic Leadership:
Act as a change agent and owner, collaborating across business and technology teams. Present complex security concepts and program status to executive leadership and the board. Drive consensus and foster a culture of security.
Unify Cyber Programs:
Integrate and standardize cybersecurity policies, controls, and risk management across environments from multiple recent acquisitions. Ensure consistent protection, compliance, and customer messaging company-wide.
Advance Application & AI Security:
Build and mature a robust application security program, with special focus on securing new AI-driven products and services. Oversee secure SDLC, penetration testing, bug bounty programs, and AI risk management.
Modernize Security Operations:
Lead security operations, incident response, vulnerability management, and proactive threat hunting. Drive adoption of zero trust principles and modern security frameworks to form a more proactive security function.
M&A Integration:
Oversee the integration of security programs, teams, and technologies resulting from mergers and acquisitions. Identify and mitigate risks unique to M&A activity and serve as the subject-matter-expert in security in due diligence processes.
Customer Trust:
Serve as Gainsight’s voice to the customer representing security programs and initiatives, staying connected as the company’s partner.
The CISO will lead and manage a diverse security team, including:
● Security Operations (SecOps): Overseeing threat detection, incident response, vulnerability management, and proactive threat hunting.
● Application Security (AppSec): Ensuring secure software development lifecycle practices, conducting penetration testing, managing bug bounty programs, and securing source code and secrets.
● Cloud Security: Securing our environments within Amazon Web Services (AWS) and Google Cloud Platform (GCP) and ensuring the security of SaaS applications.
● IT Security: Managing endpoint security, asset management, and Identity and Access Management (IAM) systems.
● Governance, Risk, and Compliance (GRC): Leading risk identification and management, developing security policies, ensuring compliance with industry standards like SOC 2 and ISO 27001 and 42001, and delivering employee security education.
This role will also involve board and senior management reporting responsibilities, communicating complex security concepts and program status to executive leadership and the board of directors.
The Candidate
Skills:
Exceptional communication skills, with the ability to effectively convey complex technical security concepts both to technical stakeholders, such as CTOs, CPOs, IT, cloud operations teams, and developers, and to executive leadership and the board.
Ability to drive change, assessing the current state of the program and managing and improving the security stack
Managerial and leadership skills including leading and scaling a team and function, managing an operational budget, and serving as the subject matter domain expert in security and tech risk
Depth in governance, risk, and compliance
○ Understands security in the context of risk-based solutioning
○ Can present complex technical concepts in risk-based language
○ Exposure to compliance frameworks such as HIPAA
Strong capabilities in Application Security, including:
○ Overseeing and conducting penetration testing to identify application vulnerabilities.
○ Managing bug bounty programs to incentivize external security researchers.
○ Implementing secure Software Development Life Cycle (SDLC) practices.
○ Performing thorough code reviews to identify and rectify security flaws.
○ Securing Source Code Management (SCM) systems.
○ Managing secrets securely within applications and infrastructure.
Knowledge:
Technical organizational transformation security expertise in:
○ M&A integration and risk management
○ Modern security operations and zero trust
○ AI security and certifications for new products and services
○ Cloud security (AWS, GCP, Azure, SaaS)
Strong expertise in incident response, encompassing:
○ Developing and maintaining best-in-class incident preparedness strategies.
○ Establishing and refining comprehensive incident response processes.
○ Creating and enforcing security policies and ensuring global regulatory compliance.
○ Collaborating effectively with insurance providers and legal counsel during and after security incidents.
○ Working with Digital Forensics and Incident Response (DFIR) providers to investigate and mitigate threats.
○ Leading business recovery efforts post-incident to minimize disruption and restore operations.
○ Serving as the voice of customer trust during and post-incident, acting as the main point-of-contact with the customer to foster a culture of trust and accountability
Proficient in security operations, including:
○ Implementing and managing vulnerability management programs to identify and remediate security weaknesses.
○ Developing and deploying advanced threat detection mechanisms.
○ Conducting proactive threat hunting to identify and neutralize hidden threats.
○ Leveraging threat intelligence to anticipate and defend against emerging attack vectors.
Deep understanding of Cloud Security principles and practices, with experience in:
○ Securing multi-cloud environments inclusive of Azure, Amazon Web Services (AWS), and GCP
○ Ensuring the security of SaaS applications.
Expertise in IT Security, covering:
○ Implementing and managing endpoint security solutions.
○ Developing and maintaining robust asset management and inventory systems.
○ Managing Identity and Access Management (IAM) systems.
Comprehensive knowledge of Governance, Risk, and Compliance (GRC), including:
○ Familiarity with industry standards such as SOC 2 and ISO 27001 and 42001.
○ Ability to lead the business through risk identification, analysis, and management processes.
○ Developing and implementing effective security policy management frameworks.
○ Establishing and delivering employee security education and awareness programs.
○ Creating and executing a blue-chip strategic security roadmap to match the needs of the business as the company continues its path of growth
Experience:
10+ years of progressive leadership in cybersecurity, with a track record of success in large, global multi-product enterprise environments.
Experience managing globally diverse teams, driving a cohesive security culture across various geographies
Depth in SaaS, cloud security (AWS, GCP), application security, security operations, and governance, risk, and compliance (SOC 2, ISO 27001).
Experience partnering and integrating with technology partners.
Proven ability to lead through change, unify teams, and drive security transformation during M&A integration.
Experience working in multi-product environments, adept at managing security across diverse product portfolios.
Leadership & Cultural Qualities:
Product Security Leadership & Engineering Partnership:
○ Own the company’s product security strategy, ensuring security is embedded into architecture, product development lifecycle, and platform delivery.
○ Serve as a close partner to the CTO and engineering teams to align security, platform resilience, and development velocity.
○ Foster a security culture that empowers engineers through developer empathy, clear standards, practical guidance, and low-friction security practices.
Executive presence with strong communication skills—able to present to board and senior leadership, and drive consensus across diverse teams.
Collaborative, influential, and able to act as a true owner and change agent.