Chief Information Security Officer (CISO)

About The Position

Requirements

• Bachelor's Degree required.
• 12+ years of experience in information security, privacy, and compliance leadership roles.
• Expert knowledge of global data protection regulations (e.g., GDPR, CCPA, HIPAA, DFAR, CMMC) and how to operationalize compliance through policies, access controls, and technology.
• Experience managing Data Privacy Management Platforms and implementing privacy frameworks such as ISO 27701 (Privacy Information Management System), NIST Privacy Framework, and SOC 2 Privacy Criteria.
• Strong background in data governance, consent management, and privacy-by-design principles for digital platforms.
• Technical expertise in encryption, identity & access management (IAM), secure software development (DevSecOps), and cloud security.
• Experience leading cybersecurity risk assessments, vulnerability management, and incident response programs.
• Ability to collaborate across IT, Legal, Compliance, and Business teams to align privacy and security initiatives with organizational goals.
• Exceptional communication and leadership skills, with the ability to engage executive stakeholders and drive security awareness.
• Relevant certifications such as CISSP, CISM, CIPP (US/EU), CRISC, or ISO 27001 Lead Implementer are preferred.
• High-level of commitment to a quality work product and organizational ethics, integrity and compliance.
• Ability to work effectively in a fast paced, team environment.
• Strong interpersonal skills and the ability to effectively communicate, both verbally and in writing.
• Demonstrated decision making and problem-solving skills.
• High attention to detail with the ability to multi-task and meet deadlines with minimal supervision.

Nice To Haves

• Excellent written: oral communication skills between English and Japanese.

Responsibilities

• Oversee and manage our Data Privacy Management Platform, ensuring compliance with privacy laws and security best practices.
• Develop and enforce privacy and security policies for our customer data platforms (CDPs), identity management systems, and digital marketing technologies.
• Ensure compliance with GDPR, CCPA, HIPAA, and other global privacy frameworks, working closely with Legal, IT, and Marketing teams.
• Lead incident response, breach management, and regulatory reporting, ensuring adherence to data breach notification laws.
• Conduct privacy impact assessments (PIAs) and risk assessments for new technologies and data initiatives.
• Secure engineering processes and the software development lifecycle by implementing security measures such as code review, vulnerability testing, security education, and establishing DevSecOps practices.
• Oversee third-party Information Security risk management, ensuring vendor compliance with our security and privacy requirements.
• Lead security awareness and training programs for employees, contractors, and partners.
• Regularly report on security risks, compliance status, and emerging threats.
• Work with Customer's affiliates leadership on enterprise-wide security policies and data privacy management solutions.

Benefits

• Full remote available. However, it is not assumed to be full-time, but may be a few hours per week (part time).