Chief Information Security Officer (CISO)

We are seeking an experienced, highly capable and strategic Chief Information Security Officer to lead our global information security strategy with a strong focus on AI security, cybersecurity risk management, application security, and regulatory compliance. This role is responsible for developing and executing a comprehensive security program that protects our data, systems, AI models, applications, and infrastructure — both cloud and on-premise — while enabling innovation and growth.

You will partner with technology, product, and business leaders to ensure security is integrated by design across our enterprise — from secure development practices to AI governance — while meeting compliance obligations such as AI Acts, Sarbanes-Oxley (SOX) and other regulatory requirements.

Location: TBC

Reports to: CIO (direct report)

Your Role in our Future

The Chief Information Security Officer is entrusted with the following tasks:

Strategic Leadership

  • Develop and execute the enterprise-wide information security, AI security, and compliance strategy, aligning with business objectives and risk appetite
  • Serve as the executive sponsor for cybersecurity, application security, and infrastructure security initiatives
  • Champion a culture of secure innovation, embedding security and privacy considerations into product development, data science, and AI initiatives

AI & Data Security

  • Design and implement policies for AI model security, data governance, and AI risk management, including model poisoning, prompt injection, data leakage, and adversarial attack prevention
  • Establish AI model lifecycle security controls, including dataset provenance, secure training environments, and model monitoring for drift and misuse.
  • Collaborate with data science teams to ensure ethical AI practices and compliance with emerging AI regulations (EU AI Act, NIST AI RMF).

Cybersecurity Operations & Infrastructure Protection

  • Oversee threat detection, incident response, and vulnerability management for both cloud and on-premise systems
  • Implement and maintain on-premise security controls, including network segmentation, physical data center security, access management, and endpoint protection
  • Lead response to major security incidents, coordinating cross-functional teams and managing communication with regulators, customers, and partners.

Application Security & DevSecOps

  • Build and scale an application security program, including secure coding standards, automated code scanning, and penetration testing
  • Embed security into CI/CD pipelines and partner with engineering teams to ensure software security best practices
  • Establish secure-by-design guidelines for APIs, microservices, and cloud-native applications

Governance, Risk, Compliance & SOX

  • Ensure compliance with SOX Section 404 IT General Controls, including change management, logical access controls, and audit trail integrity
  • Collaborate with finance and internal audit teams to ensure IT control effectiveness and timely remediation of deficiencies.
  • Drive enterprise-wide security awareness and training programs, including secure AI usage guidelines.
  • Maintain compliance with other relevant regulations (GDPR, CCPA, HIPAA, PCI-DSS, etc.) and ensure robust audit readiness.
  • Define and monitor key risk indicators (KRIs) and security KPIs to measure program maturity.

Information Technology

  • Enterprise security strategy and ISMS governance (ISO 27001, NIST CSF)
  • AI and data security (model protection, bias detection, secure APIs)
  • Develop security operations enablement across CI/CD pipelines and solution designs
  • Security operations, threat detection and incident response
  • Compliance (SOX, GDPR, PCI) and audit readiness
  • Business continuity and disaster recovery testing

Connections and Collaboration

  • VP DevOps & Platforms: Secure-by-design architecture, CI/CD security controls
  • VP Program Management: Security deliverables in programs & M&A integrations
  • VP Business Partnering: Security/compliance requirements embedded in process design
  • VP Digital Intelligence & AI: Secure data pipelines, monitor AI model risk
  • VP Infrastructure & Service Management: Identity management, network security, BC/DR

Your Profile

Qualifications and characteristics

  • 10+ years of progressive experience in cybersecurity, with at least 5 years in senior leadership roles
  • Proven track record of building and leading enterprise security programs that cover cloud, on-premise, and hybrid environments
  • Deep expertise in application security, DevSecOps, and software security lifecycle management
  • Strong understanding of AI/ML security risks, model governance, and data protection practices
  • Experience with SOX IT General Controls, compliance testing, and working with auditors.
  • Strong understanding of network security, identity & access management, and physical security for on-premise environments
  • Excellent communication skills with ability to influence senior stakeholders and board-level executives

Preferred Experience

  • Certifications such as CISSP, CISM, CISA, CCSK/CCSP, or relevant SANS/GIAC credentials
  • Experience working with AI risk frameworks (e.g., NIST AI RMF, ISO/IEC 23894) and AI compliance initiatives
  • Familiarity with zero-trust architectures, hybrid cloud security, and API security

Technical Competencies

  • Deep understanding of:
      • Network and application security
      • Cloud security (AWS, Azure, GCP)
      • Identity and access management (IAM)
      • Data protection and encryption
      • Security architecture and engineering
  • Knowledge of emerging threats, vulnerabilities, and mitigation techniques.
  • Experience with security tools (SIEM, DLP, EDR, firewalls, etc.).

Leadership & Strategic Skills

  • Strategic Thinker: Anticipates emerging threats and designs proactive security strategies
  • Business Partner: Balances risk reduction with business agility and innovation
  • Change Agent: Embeds security into development lifecycles and business processes
  • Crisis Leader: Leads calmly and effectively during incidents and audits

Soft Skills

  • High integrity and ethical standards
  • Excellent communication, negotiation, and presentation skills
  • Crisis management and decision-making under pressure
  • Collaborative mindset with cross-functional teams (IT, Legal, HR, Compliance).

Desirable

  • Global mindset and experience working across geographies
  • Familiarity with digital transformation and innovation in cybersecurity.
  • Ability to foster a culture of security awareness across the organization.
