Job Description

Chief Information Security Officer (CISO)

=============================================


We are seeking a experienced and highly capable and strategic Chief Information Security Officer to lead our global information security strategy with a strong focus on AI security, cybersecurity risk management, application security, and regulatory compliance. This role is responsible for developing and executing a comprehensive security program that protects our data, systems, AI models, applications, and infrastructure -- both cloud and on-premise -- while enabling innovation and growth.


You will partner with technology, product, and business leaders to ensure security is integrated by design across our enterprise -- from secure development practices to AI governance -- while meeting compliance obligations such as AI Acts, Sarbanes-Oxley (SOX) and other regulatory requirements.

Location:

TBC

Reports to:

Directly reporting to the CIO

Your Role in our Future

===========================


The Chief Information Security Officer is entrusted with the following tasks:

Strategic Leadership

Develop and execute the enterprise-wide information security, AI security, and compliance strategy, aligning with business objectives and risk appetite Serve as the executive sponsor for cybersecurity, application security, and infrastructure security initiatives Champion a culture of secure innovation, embedding security and privacy considerations into product development, data science, and AI initiatives

AI & Data Security

Design and implement policies for AI model security, data governance, and AI risk management, including model poisoning, prompt injection, data leakage, and adversarial attack prevention Establish AI model lifecycle security controls, including dataset provenance, secure training environments, and model monitoring for drift and misuse. Collaborate with data science teams to ensure ethical AI practices and compliance with emerging AI regulations (EU AI Act, NIST AI RMF).

Cybersecurity Operations & Infrastructure Protection

Oversee threat detection, incident response, and vulnerability management for both cloud and on-premise systems Implement and maintain on-premise security controls, including network segmentation, physical data center security, access management, and endpoint protection Lead response to major security incidents, coordinating cross-functional teams and managing communication with regulators, customers, and partners.

Application Security & DevSecOps

Build and scale an application security program, including secure coding standards, automated code scanning, and penetration testing Embed security into CI/CD pipelines and partner with engineering teams to ensure software security best practices Establish secure-by-design guidelines for APIs, microservices, and cloud-native applications

Governance, Risk, Compliance & SOX

Ensure compliance with SOX Section 404 IT General Controls, including change management, logical access controls, and audit trail integrity Collaborate with finance and internal audit teams to ensure IT control effectiveness and timely remediation of deficiencies. Drive enterprise-wide security awareness and training programs, including secure AI usage guidelines. Maintain compliance with other relevant regulations (GDPR, CCPA, HIPAA, PCI-DSS, etc.) and ensure robust audit readiness. Define and monitor key risk indicators (KRIs) and security KPIs to measure program maturity.

Information Technology

Enterprise security strategy and ISMS governance (ISO 27001, NIST CSF) AI and data security (model Protection, bias detection, secure APIs) Develop security operations enablement across CI/CD pipelines and solution designs Security operations, threat detection and incident response Compliance (SOX, GDPR, PCI) and audit readiness Business continuity and disaster recovery testing

Connections and Collaboration

VP DevOps & Platforms: Secure-by-design architecture, CI/CD security controls VP Program Management: Security deliverables in programs & M&A integrations VP Business Partnering: Security/compliance requirements embedded in process design VP Digital Intelligence & AI: Secure data pipelines, monitor AI model risk VP Infrastructure & Service Management: Identity management, network security, BC/DR

Your Profile

================

Qualifications characteristics

10+ years of progressive experience in cybersecurity, with at least 5 years in senior leadership roles Proven track record of building and leading enterprise security programs that cover cloud, on-premise, and hybrid environments Deep expertise in application security, DevSecOps, and software security lifecycle management Strong understanding of AI/ML security risks, model governance, and data protection practices Experience with SOX IT General Controls, compliance testing, and working with auditors. Strong understanding of network security, identity & access management, and physical security for on-premise environments Excellent communication skills with ability to influence senior stakeholders and board-level executives

Preferred Experience

Certifications such as CISSP, CISM, CISA, CCSK/CCSP, or relevant SANS/GIAC credentials Experience working with AI risk frameworks (e.g., NIST AI RMF, ISO/IEC 23894) and AI compliance initiatives Familiarity with zero-trust architectures, hybrid cloud security, and API security

Technical Competencies

Deep understanding of: Network and application security Cloud security (AWS, Azure, GCP) Identity and access management (IAM) Data protection and encryption Security architecture and engineering Knowledge of emerging threats, vulnerabilities, and mitigation techniques. Experience with security tools (SIEM, DLP, EDR, firewalls, etc.).

Leadership & Strategic Skills

Strategic Thinker: Anticipates emerging threats and designs proactive security strategies Business Partner: Balances risk reduction with business agility and innovation Change Agent: Embeds security into development lifecycles and business processes Crisis Leader: Leads calmly and effectively during incidents and audits

Soft Skills

High integrity and ethical standards Excellent communication, negotiation, and presentation skills Crisis management and decision-making under pressure Collaborative mindset with cross-functional teams (IT, Legal, HR, Compliance).

Desirable

Global mindset and experience working across geographies Familiarity with digital transformation and innovation in cybersecurity. * Ability to foster a culture of security awareness across the organization.