Chief Information Security Officer (CISO), US

About The Position

Requirements

• 7–12 years of experience in information security, with demonstrated senior leadership (e.g., CISO, Director, or Head of Security) within a SaaS or technology environment
• Strong understanding of application security and secure software development
• Strong working knowledge of compliance frameworks including ISO 27001 and SOC 2, with hands-on experience managing or achieving these certifications; solid understanding of GDPR compliance across multiple jurisdictions
• Strong communication skills with the ability to engage both technical and non-technical stakeholders
• Experience securing complex, multi-cloud environments (AWS and Azure) alongside on-premises data centre infrastructure
• Awareness of AI security practices and risks, including securing AI-powered product features and governing internal AI tool usage
• Based in or with easy access to the US East Coast or UK/Ireland, comfortable leading remote teams across the US, EU, UK, and India, and willing to travel periodically to our offices in New York, London, or Belfast

Responsibilities

• Security Strategy & Governance
• Define and execute the company’s information security strategy, roadmap, policies, and standards
• Define and enforce internal IT security policies, covering endpoint security, access management, and controls suited to a remote, globally distributed workforce
• Maintain and build upon our existing certifications (ISO 27001, SOC 2 Type II), and drive expansion of SOC 2 coverage across our full product portfolio
• Ensure compliance with GDPR and applicable data protection regulations across our EU and global client base, and support the organisation’s future pathway toward ISO 42001 for AI governance
• Application & Product Security
• Partner with Engineering to embed security into the software development lifecycle (SDLC)
• Provide guidance on secure architecture and development planning
• Oversee vulnerability management and remediation efforts
• Own the external security posture of our client-facing products and solutions, ensuring security is embedded from design through to deployment
• AI Security
• Define and implement a framework for securing AI-powered features and capabilities embedded within our products, including the security of AI agents, models, and associated infrastructure
• Govern the safe and compliant use of AI tools internally, including copilots and AI agents used by our workforce
• Client & Operational Security
• Oversee security aspects of client support operations, ensuring strong controls and responsiveness
• Act as a key escalation point for security-related client matters
• Support customer audits, security questionnaires, and due diligence processes
• Risk Management & Incident Response
• Identify, assess, and manage security risks across the business
• Lead incident response planning and execution
• Continuously improve detection and response capabilities
• Leadership & Collaboration
• Act as a trusted advisor to the CTO and broader executive leadership on security risks, strategy, and emerging threats
• Work in close partnership with the Head of IT/Operations, and collaborate across Product, Engineering, and Client teams globally to align security priorities with business objectives
• Build and scale security awareness across the organisation, including a remote and globally distributed workforce
• Grow and shape the security function over time, with the opportunity to build out direct reports as the function matures