Job Description

Chief Information Security Officer (CISO)

We are seeking a experienced and highly capable and strategic Chief Information Security Officer to lead our global information security strategy with a strong focus on AI security, cybersecurity risk management, application security, and regulatory compliance. This role is responsible for developing and executing a comprehensive security program that protects our data, systems, AI models, applications, and infrastructure -- both cloud and on-premise -- while enabling innovation and growth.


You will partner with technology, product, and business leaders to ensure security is integrated by design across our enterprise -- from secure development practices to AI governance -- while meeting compliance obligations such as AI Acts, Sarbanes-Oxley (SOX) and other regulatory requirements.

Reports to:

Directly reporting to the CIO

Your Role in our Future

The Chief Information Security Officer is entrusted with the following tasks:

Strategic Leadership

Develop and execute the enterprise-wide information security, AI security, and compliance strategy, aligning with business objectives and risk appetite Serve as the executive sponsor for cybersecurity, application security, and infrastructure security initiatives Champion a culture of secure innovation, embedding security and privacy considerations into product development, data science, and AI initiatives

AI & Data Security

Design and implement policies for AI model security, data governance, and AI risk management, including model poisoning, prompt injection, data leakage, and adversarial attack prevention Establish AI model lifecycle security controls, including dataset provenance, secure training environments, and model monitoring for drift and misuse. Collaborate with data science teams to ensure ethical AI practices and compliance with emerging AI regulations (EU AI Act, NIST AI RMF).

Cybersecurity Operations & Infrastructure Protection

Oversee threat detection, incident response, and vulnerability management for both cloud and on-premise systems Implement and maintain on-premise security controls, including network segmentation, physical data center security, access management, and endpoint protection Lead response to major security incidents, coordinating cross-functional teams and managing communication with regulators, customers, and partners.

Application Security & DevSecOps

Build and scale an application security program, including secure coding standards, automated code scanning, and penetration testing Embed security into CI/CD pipelines and partner with engineering teams to ensure software security best practices Establish secure-by-design guidelines for APIs, microservices, and cloud-native applications

Governance, Risk, Compliance & SOX

Ensure compliance with SOX Section 404 IT General Controls, including change management, logical access controls, and audit trail integrity Collaborate with finance and internal audit teams to ensure IT control effectiveness and timely remediation of deficiencies. Drive enterprise-wide security awareness and training programs, including secure AI usage guidelines. Maintain compliance with other relevant regulations (GDPR, CCPA, HIPAA, PCI-DSS, etc.) and ensure robust audit readiness. Define and monitor key risk indicators (KRIs) and security KPIs to measure program maturity.

Information Technology

Enterprise security strategy and ISMS governance (ISO 27001, NIST CSF) AI and data security (model Protection, bias detection, secure APIs) Develop security operations enablement across CI/CD pipelines and solution designs Security operations, threat detection and incident response Compliance (SOX, GDPR, PCI) and audit readiness Business continuity and disaster recovery testing

Connections and Collaboration

VP DevOps & Platforms: Secure-by-design architecture, CI/CD security controls VP Program Management: Security deliverables in programs & M&A integrations VP Business Partnering: Security/compliance requirements embedded in process design VP Digital Intelligence & AI: Secure data pipelines, monitor AI model risk * VP Infrastructure & Service Management: Identity management, network security, BC/DR