Chief Information Security Officer (CISO)

EMIRAGE Crafts Inc.
Doha, QAT
Full-time
Executive
QAR 314 - 1,223/month
2 months ago
AWS, Azure, GCP, Risk Management

Full Job Posting

Overview

Chief Information Security Officer (CISO) — Job Description

Summary

Lead the organization’s information security and risk‑management strategy to protect data, systems, and operations while enabling business objectives.

Key Responsibilities

  • Develop and execute a comprehensive information security strategy aligned with business goals and risk appetite.
  • Own governance, risk, and compliance (GRC): establish security policies, standards, and controls; oversee risk assessments and remediation plans.
  • Lead security operations: threat detection, monitoring, incident response, forensics, and vulnerability management.
  • Build and manage a security program covering application, cloud, infrastructure, identity, endpoint, and data protection.
  • Oversee identity and access management, privileged access controls, MFA, and least‑privilege enforcement.
  • Manage security architecture and tooling (SIEM, EDR, DLP, WAF, CASB, IAM, vulnerability scanners) and ensure secure design of systems and integrations.
  • Coordinate security for cloud platforms (AWS/Azure/GCP), SaaS, and on‑prem environments including IaC security and cloud posture management.
  • Lead third‑party/vendor security assessments, contractual security controls, and supply‑chain risk management.
  • Drive secure development practices: threat modeling, SAST/DAST, code review, dependency scanning, and DevSecOps integration.
  • Oversee data protection, encryption, key management, and privacy‑by‑design practices in collaboration with legal/privacy teams.
  • Manage incident response plan, runbooks, tabletop exercises, and post‑incident reviews; report major incidents to executives and board.
  • Maintain compliance with relevant standards and regulations (ISO 27001, SOC 2, PCI‑DSS, HIPAA, GDPR) and lead audits and attestations.
  • Develop security awareness and training programs for all employees; foster a risk‑aware culture.
  • Recruit, mentor, and develop security team members and coordinate cross‑functional security initiatives.
  • Report security metrics and risk posture to the executive team and board; advise on security implications of strategic initiatives.

Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or related field; advanced degree preferred.
  • 10+ years of progressive security experience with several years in senior leadership/management roles.
  • Deep technical knowledge across cloud security, network/security architecture, identity, application security, and incident response.
  • Proven experience with security frameworks and compliance regimes (ISO 27001, SOC 2, NIST, PCI, HIPAA, GDPR).
  • Strong business acumen and ability to translate technical risk into business impact for executives and board members.
  • Excellent communication, stakeholder management, and crisis‑management skills.

Preferred skills

  • Certifications such as CISSP, CISM, CCSP, or similar.
  • Experience securing cloud‑native architectures, DevSecOps practices, and modern SaaS environments.
  • Background in conducting security due diligence for M&A and managing security as part of product development.
  • Familiarity with privacy regulations and working with legal/compliance teams.

Job Types: Full-time, Permanent

Pay: QAR314.16 - QAR1,223.34 per hour

Work Location: On the road
