VP, Chief Information Security Officer (CISO)

Natera

About The Position

The Vice President, Chief Information Security Officer (CISO) is responsible for defining, building, and operating the company’s global cybersecurity program as a core business function. This leader will own the end-to-end security strategy, risk posture, and investment roadmap to protect the organization’s technology platforms, intellectual property, and sensitive clinical and patient data. This role combines technical expertise with executive leadership, requiring deep knowledge in cybersecurity architecture, cloud security, and AI-driven platforms, with the ability to embed security directly into systems, data pipelines, and product development lifecycles. The CISO will translate complex cybersecurity risks into clear business terms, enabling informed decision-making at the executive and Board levels. This role will champion the use of AI-assisted security operations, intelligent automation, and advanced analytics to transform how cybersecurity is delivered across the enterprise. The CISO will drive the adoption of modern AI-enabled security tooling and architectures to improve detection fidelity, accelerate response times, and increase operational efficiency—while reducing noise, manual effort, and overall risk exposure.

Requirements

20+ years of progressive cybersecurity leadership experience.
Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related technical field required.
Proven experience owning and operating an enterprise-wide cybersecurity program, including strategy, execution, and governance. Strong track record of building modern, engineering-led security organizations in cloud-native environments.
Comfortable operating in high-growth, high-complexity environments. Experience building and scaling security programs in cloud-native, high-growth environments.
Deep, practical expertise across: Cloud security architecture (CSPM, CNAPP, workload security), Identity and access management (IAM, SSO, zero trust), Detection & response (SIEM, SOAR, EDR/XDR), Application and API security, Data security, encryption, and DLP, DevSecOps and secure SDLC practice
Strong balance of: technical depth (architecture, cloud, security engineering), and strategic leadership (program ownership, executive influence)
Hands-on experience implementing or operating AI-assisted security tools and automation frameworks.
Demonstrated success engaging with executive leadership and Boards on cybersecurity risk and investment decisions.
Experience developing risk-based investment strategies and prioritization frameworks. Ability to translate cybersecurity complexities into executive and Board-level communications.
Exceptional executive communication and storytelling skills.
Proven ability to influence senior leadership and drive alignment on complex risk and investment decisions.

Nice To Haves

Advanced degree (Master’s or PhD) is strongly preferred.

Responsibilities

Own and operate the end-to-end enterprise cybersecurity program, including strategy, architecture, operations, governance, and compliance.
Establish a multi-year security roadmap aligned with business priorities, technology evolution, and regulatory requirements.
Drive program maturity, ensuring continuous improvement across all domains of cybersecurity. Ensure security is integrated into enterprise planning, product development, and operational execution.
Develop and maintain a risk-based cybersecurity investment framework to prioritize initiatives and allocate resources effectively.
Lead architectural decisions across: identity and access systems, data protection and encryption strategies, network and zero-trust architectures, secure platform design for clinical and genomic systems and for agentic workflows.
Present regular updates to executive leadership on cyber risk posture, threat landscape, program maturity, incident readiness and response. Lead Board-level discussions on cybersecurity strategy, risk tolerance, and investment priorities.
Define and execute a strategy for AI-assisted cybersecurity operations, leveraging machine learning, automation, and advanced analytics to enhance detection and response capabilities.
Build a highly automated, intelligence-driven SecOps function that minimizes manual intervention and improves speed and accuracy of threat identification and remediation.
Drive adoption and optimization of modern security platforms, including: Next-generation SIEM/SOAR, CNAPP / CSPM, EDR/XDR, Identity intelligence platforms. Leverage AI/ML to improve signal-to-noise ratio in security alerts, detect anomalous behavior across security domains, and automate triage, investigation, and response workflows
Integrate AI capabilities into threat intelligence, vulnerability management, and risk analysis processes. Continuously evaluate emerging AI security tools and capabilities, balancing innovation, risk, and operational value.
Oversee enterprise security operations including monitoring, detection, and response. Lead incident response and crisis management, ensuring rapid containment and recovery.
Own compliance strategy across frameworks including SOC 2, ISO 27001, and NIST. Ensure alignment with healthcare and global data protection regulations (HIPAA, GDPR, CCPA).