Job Specifications
Chief Information Security Officer (CISO)
We are seeking a experienced and highly capable and strategic Chief Information Security Officer to lead our global information security strategy with a strong focus on AI security, cybersecurity risk management, application security, and regulatory compliance. This role is responsible for developing and executing a comprehensive security program that protects our data, systems, AI models, applications, and infrastructure — both cloud and on-premise — while enabling innovation and growth.
You will partner with technology, product, and business leaders to ensure security is integrated by design across our enterprise — from secure development practices to AI governance — while meeting compliance obligations such as AI Acts, Sarbanes-Oxley (SOX) and other regulatory requirements.
Location: TBC
Reports to: Directly reporting to the CIO
Your Role in our Future
The Chief Information Security Officer is entrusted with the following tasks:
Strategic Leadership
Develop and execute the enterprise-wide information security, AI security, and compliance strategy, aligning with business objectives and risk appetite
Serve as the executive sponsor for cybersecurity, application security, and infrastructure security initiatives
Champion a culture of secure innovation, embedding security and privacy considerations into product development, data science, and AI initiatives
AI & Data Security
Design and implement policies for AI model security, data governance, and AI risk management, including model poisoning, prompt injection, data leakage, and adversarial attack prevention
Establish AI model lifecycle security controls, including dataset provenance, secure training environments, and model monitoring for drift and misuse.
Collaborate with data science teams to ensure ethical AI practices and compliance with emerging AI regulations (EU AI Act, NIST AI RMF).
Cybersecurity Operations & Infrastructure Protection
Oversee threat detection, incident response, and vulnerability management for both cloud and on-premise systems
Implement and maintain on-premise security controls, including network segmentation, physical data center security, access management, and endpoint protection
Lead response to major security incidents, coordinating cross-functional teams and managing communication with regulators, customers, and partners.
Application Security & DevSecOps
Build and scale an application security program, including secure coding standards, automated code scanning, and penetration testing
Embed security into CI/CD pipelines and partner with engineering teams to ensure software security best practices
Establish secure-by-design guidelines for APIs, microservices, and cloud-native applications
Governance, Risk, Compliance & SOX
Ensure compliance with SOX Section 404 IT General Controls, including change management, logical access controls, and audit trail integrity
Collaborate with finance and internal audit teams to ensure IT control effectiveness and timely remediation of deficiencies.
Drive enterprise-wide security awareness and training programs, including secure AI usage guidelines.
Maintain compliance with other relevant regulations (GDPR, CCPA, HIPAA, PCI-DSS, etc.) and ensure robust audit readiness.
Define and monitor key risk indicators (KRIs) and security KPIs to measure program maturity.
Information Technology
Enterprise security strategy and ISMS governance (ISO 27001, NIST CSF)
AI and data security (model Protection, bias detection, secure APIs)
Develop security operations enablement across CI/CD pipelines and solution designs
Security operations, threat detection and incident response
Compliance (SOX, GDPR, PCI) and audit readiness
Business continuity and disaster recovery testing
Connections and Collaboration
VP DevOps & Platforms: Secure-by-design architecture, CI/CD security controls
VP Program Management: Security deliverables in programs & M&A integrations
VP Business Partnering: Security/compliance requirements embedded in process design
VP Digital Intelligence & AI: Secure data pipelines, monitor AI model risk
VP Infrastructure & Service Management: Identity management, network security, BC/DR
Your Profile
Qualifications Characteristics
10+ years of progressive experience in cybersecurity, with at least 5 years in senior leadership roles
Proven track record of building and leading enterprise security programs that cover cloud, on-premise, and hybrid environments
Deep expertise in application security, DevSecOps, and software security lifecycle management
Strong understanding of AI/ML security risks, model governance, and data protection practices
Experience with SOX IT General Controls, compliance testing, and working with auditors.
Strong understanding of network security, identity & access management, and physical security for on-premise environments
Excellent communication skills with ability to influence senior stakeholders and board-level execu