Chief Information Security Officer

J.D. Power
Michigan - Remote, MI
$250,000 - $275,000
Remote

About The Position

JD Power is seeking an enterprise-level security leader to serve as Chief Information Security Officer (CISO). As a member of the Technology Leadership Team, the CISO is the enterprise-wide owner of global cyber security, information risk, and resilience, providing strategic leadership across all regions to protect clients, systems, data, intellectual property, and brand reputation. The CISO defines and executes the global security strategy, leads security operations and governance, ensures compliance with international regulations and standards, and acts as the organization's senior authority on cyber risk.

The Impact You Will Have in This Role:

As Chief Information Security Officer, you will be the driving force behind protecting JD Power’s clients, systems, data, and brand across every region. By defining and executing the global security strategy, maturing governance and security operations, and embedding a strong security culture, you will reduce enterprise risk while enabling the business to innovate and grow with confidence. You will serve as the organization's senior authority on cyber risk, providing the CTO, Operating Team, Board, regulators, and customers with assurance that security is a strategic enabler rather than a barrier.

Requirements

  • 10+ years of experience in information security/cybersecurity, with 5+ years in a senior leadership role.
  • Proven track record of incident response leadership and crisis management.
  • Relevant certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor
  • Experience leading large-scale enterprise security programs and managing global teams, including leaders of leaders.
  • Strong knowledge of modern enterprise security practices, including identity and access management, cloud security, endpoint security, DevSecOps, threat detection, and vulnerability management.
  • Understanding of emerging AI security risks and controls, including securing AI-enabled workflows and enterprise AI platforms.
  • Experience securing modern cloud and development environments across platforms such as AWS, Azure, or GCP.
  • Familiarity with modern security frameworks and standards such as NIST, ISO 27001, PCI, or OWASP.
  • Demonstrated ability to communicate complex security topics to executive leadership and nontechnical stakeholders.
  • Experience with risk management, compliance, and regulatory requirements relevant to enterprise software companies.
  • Strong business acumen, particularly in aligning security investments with financial and operational priorities.

Responsibilities

  • Define and own the global cyber security strategy, aligned to business objectives and risk appetite.
  • Provide senior-level leadership and act as a trusted advisor to the CTO, Operating Team, Board Cybersecurity Committee, and senior leaders.
  • Lead global planning, budgeting, capability development, and vendor strategy for all security domains.
  • Promote a strong security culture across all regions, embedding secure behaviors and accountability.
  • Lead the design, implementation, operation, and continuous improvement of the Information Security Management System (ISMS) aligned to ISO 27001, SOC2, TISAX, and other relevant frameworks.
  • Oversee global risk management, including risk assessments, control selection, and enterprise risk reporting.
  • Ensure compliance with global cyber security regulations and industry standards.
  • Lead the development and maintenance of global security policies, standards, and guidelines.
  • Oversee third-party and supply-chain security, including vendor assessments and due diligence.
  • Lead global Security Operations (SecOps), including monitoring, detection, threat intelligence, and vulnerability management.
  • Establish and mature global CSIRT/CSOC capabilities, ensuring 24/7 coverage where required.
  • Act as executive incident commander for major cyber events, ensuring effective response, communication, and recovery.
  • Maintain incident playbooks, escalation paths, and post-incident reviews to drive continuous improvement.
  • Define and oversee secure architecture, cloud security standards, and identity & access management (IAM).
  • Embed security into the software development lifecycle (SDLC), including secure coding, DevSecOps, and product security reviews.
  • Partner with Engineering and Technology teams to ensure secure design, encryption, and access controls across all platforms.
  • Act as the senior representative for cyber security with regulators, auditors, customers, and partners.
  • Oversee responses to customer and partner security assessments and due-diligence requests.
  • Monitor global regulatory developments and translate them into actionable controls and programs.
  • Lead and develop global teams across security operations, governance, risk, compliance, and resilience.
  • Build organizational capability, succession planning, and specialist talent pipelines.
  • Foster a collaborative, high-performance culture across regions and functions.