Vice President & Chief Information Security Officer

Planet•San Francisco, CA

9h•$260,500 - $325,600•Hybrid

About The Position

As the Vice President and Chief Information Security Officer (CISO), you will serve as a key executive and thought leader driving the strategic evolution of Planet’s information security landscape. You will architect a sophisticated, enterprise-wide security strategy that directly aligns with our broader business goals and anticipates the rapidly evolving AI threat landscape. As a visionary leader, you will ensure our defenses outpace both emerging technologies and sophisticated global threat actors while owning enterprise and third-party cyber risk. You will balance the confidentiality, integrity, privacy, and recoverability of Planet’s global assets with workforce productivity and agility. In this role, you will oversee departmental budgets and results while empowering a capable tier of front-line managers to execute your vision. This is a unique opportunity to build a predictive, future-proof security organization at a rapidly growing company. This is a full-time, hybrid role which will require you to work from our San Francisco office 3 days per week.

Requirements

Typically 10+ years of relevant work experience and 8+ years of leadership experience.
Deep industry and commercial awareness, accompanied by a track record of thought leadership, public speaking, and published work in the information security industry.
Ability to separate the genuinely important from the merely urgent, proactively soliciting ideas and information from multiple external and internal perspectives to forecast risk years in advance.
Ability to cultivate an approachable leadership style that values patience, empathy, and vulnerability, while understanding the impact of your leadership wake.
Experience leading a diverse group of people, setting clear expectations, and holding people accountable
Outstanding written and verbal communication skills, with a focus on explaining security topics, such as the OWASP Top 10, clearly and to a variety of audiences with varying technical sophistication.
Deep understanding of networking and web application architecture.
Experience with the operations and security facets of cloud environments (Amazon Web Services and Google Cloud Platform, primarily).
Experience with common attack scenarios across the layers of our infrastructure (cloud infrastructure, web applications and interfaces, authentication and authorization, network flows, code quality, insider threat, and the like).
Deep understanding of information security principles and common reconnaissance and exploitation frameworks.
Experience with enterprise risk management frameworks and implementing certification for SOC 2 and ISO 27001.

Nice To Haves

Understanding of a wide range of vulnerability classes including modern adversarial AI attacks, model poisoning, and LLM supply chain vulnerabilities.
Track record of architecting a multi-year security roadmap that successfully anticipated future technology disruptions.
Prior or current government security clearance.
Government national security experience.
Red team experience.

Responsibilities

Spearhead the multi-year strategic plan for information and cloud security, integrating predictive AI defense strategies.
Collaborate with business and technology teams to ensure security and compliance postures exceeding industry standards.
Influence enterprise-wide strategic direction by blending functional security goals with broader business objectives.
Empower front-line managers through delegation, selection, and continuous professional development.
Resolve highly complex business problems, transitioning the department toward proactive, strategic forecasting.
Manage departmental resources, policy, and personnel with full accountability for budget and performance results.
Architect proactive, intelligence-driven risk forecasting models and security risk management processes.
Serve as the ultimate subject matter expert for security issues, including AI governance, secure machine learning pipelines, and space/ground-station asset protection.
Orchestrate incident response and business recovery plans to safeguard critical global services.
Participate in external security certifications and manage customer security audits.
Drive security awareness training programs, ensuring that all employees are trained on information security concepts, emerging social engineering vectors (such as AI-driven phishing), and their role in safeguarding Planet.
Partner with legal and procurement to ensure information security requirements are included in vendor contracts.
Stay abreast of relevant security developments, industry-wide events, regulations, geopolitical shifts, and emerging technologies.
Coordinate development and implementation of incident response plans and procedures ensuring that business-critical services are recovered in the event of a security event, and provides direction, support, and in-house consulting in this area.
Monitor the external threat environment for emerging threats, specifically looking around corners to implement early mitigations, AI-driven counter-measures, and controls where relevant.
Manage budgetary planning for the information security function.
Act as a positive culture carrier who lives the company values and makes decisions that have a broad impact on both people and company financials.
Build and nurture external networks consisting of industry peers, ecosystem partners, vendors, government intelligence agencies, and other relevant parties.