VP, Chief Information Security Officer

We are seeking a experienced and highly capable and strategic Chief Information Security Officer to lead our global information security strategy with a strong focus on AI security, cybersecurity risk management, application security, and regulatory compliance. This role is responsible for developing and executing a comprehensive security program that protects our data, systems, AI models, applications, and infrastructure - both cloud and on-premise - while enabling innovation and growth.

You will partner with technology, product, and business leaders to ensure security is integrated by design across our enterprise - from secure development practices to AI governance - while meeting compliance obligations such as AI Acts, Sarbanes-Oxley (SOX) and other regulatory requirements.

Location: TBC

Reports to: Directly reporting to the CIO

The Chief Information Security Officer is entrusted with the following tasks:

Strategic Leadership

• Develop and execute the enterprise-wide information security, AI security, and compliance strategy, aligning with business objectives and risk appetite
• Serve as the executive sponsor for cybersecurity, application security, and infrastructure security initiatives
• Champion a culture of secure innovation, embedding security and privacy considerations into product development, data science, and AI initiatives

AI & Data Security

• Design and implement policies for AI model security, data governance, and AI risk management, including model poisoning, prompt injection, data leakage, and adversarial attack prevention
• Establish AI model lifecycle security controls, including dataset provenance, secure training environments, and model monitoring for drift and misuse.
• Collaborate with data science teams to ensure ethical AI practices and compliance with emerging AI regulations (EU AI Act, NIST AI RMF).

Cybersecurity Operations & Infrastructure Protection

• Oversee threat detection, incident response, and vulnerability management for both cloud and on-premise systems
• Implement and maintain on-premise security controls, including network segmentation, physical data center security, access management, and endpoint protection
• Lead response to major security incidents, coordinating cross-functional teams and managing communication with regulators, customers, and partners.

Application Security & DevSecOps

• Build and scale an application security program, including secure coding standards, automated code scanning, and penetration testing
• Embed security into CI/CD pipelines and partner with engineering teams to ensure software security best practices
• Establish secure-by-design guidelines for APIs, microservices, and cloud-native applications

Governance, Risk, Compliance & SOX

• Ensure compliance with SOX Section 404 IT General Controls, including change management, logical access controls, and audit trail integrity
• Collaborate with finance and internal audit teams to ensure IT control effectiveness and timely remediation of deficiencies.
• Drive enterprise-wide security awareness and training programs, including secure AI usage guidelines.
• Maintain compliance with other relevant regulations (GDPR, CCPA, HIPAA, PCI-DSS, etc.) and ensure robust audit readiness.
• Define and monitor key risk indicators (KRIs) and security KPIs to measure program maturity.

Information Technology

• Enterprise security strategy and ISMS governance (ISO 27001, NIST CSF)
• AI and data security (model Protection, bias detection, secure APIs)
• Develop security operations enablement across CI/CD pipelines and solution designs
• Security operations, threat detection and incident response
• Compliance (SOX, GDPR, PCI) and audit readiness
• Business continuity and disaster recovery testing

Connections and Collaboration

• VP DevOps & Platforms: Secure-by-design architecture, CI/CD security controls
• VP Program Management: Security deliverables in programs & M&A integrations
• VP Business Partnering: Security/compliance requirements embedded in process design
• VP Infrastructure & Service Management: Identity management, network security, BC/DR

• 10+ years of progressive experience in cybersecurity, with at least 5 years in senior leadership roles
• Proven track record of building and leading enterprise security programs that cover cloud, on-premise, and hybrid environments
• Deep expertise in application security, DevSecOps, and software security lifecycle management
• Strong understanding of AI/ML security risks, model governance, and data protection practices
• Experience with SOX IT General Controls, compliance testing, and working with auditors.
• Strong understanding of network security, identity & access management, and physical security for on-premise environments
• Excellent communication skills with ability to influence senior stakeholders and board-level executives

Preferred Experience

• Certifications such as CISSP, CISM, CISA, CCSK/CCSP, or relevant SANS/GIAC credentials
• Experience working with AI risk frameworks (e.g., NIST AI RMF, ISO/IEC 23894) and AI compliance initiatives
• Familiarity with zero-trust architectures, hybrid cloud security, and API security
• Deep understanding of:
• Network and application security
• Cloud security (AWS, Azure, GCP)
• Identity and access management (IAM)
• Data protection and encryption
• Security architecture and engineering
• Knowledge of emerging threats, vulnerabilities, and mitigation techniques.
• Experience with security tools (SIEM, DLP, EDR, firewalls, etc.).

Leadership & Strategic Skills

• Strategic Thinker: Anticipates emerging threats and designs proactive security strategies
• Business Partner: Balances risk reduction with business agility and innovation
• Change Agent: Embeds security into development lifecycles and business processes
• Crisis Leader: Leads calmly and effectively during incidents and audits

Soft Skills

• High integrity and ethical standards
• Excellent communication, negotiation, and presentation skills
• Crisis management and decision-making under pressure
• Collaborative mindset with cross-functional teams (IT, Legal, HR, Compliance).
• Global mindset and experience working across geographies
• Familiarity with digital transformation and innovation in cybersecurity.
• Ability to foster a culture of security awareness across the organization.