The Chief Information Security Officer (CISO) is a strategic executive responsible for the vision, leadership, and execution of the company's global information security program. This role will safeguard all digital and physical information assets, manage cyber risk across the entire enterprise, and ensure resilience against an evolving threat landscape. The CISO will serve as the primary authority on cybersecurity, advising the C-suite and Board of Directors, and fostering a culture of security awareness throughout the organization.
Key Responsibilities
1. Strategic Leadership & Governance:
Develop and continuously refine a global, business-aligned cybersecurity strategy and roadmap.
Establish and chair a cross-functional Cybersecurity Governance Committee.
Define and enforce information security policies, standards, and guidelines across all business units and regions.
Present regular reports on the state of cybersecurity, threat landscape, and program effectiveness to the CEO, executive team, and Board of Directors.
2. Risk Management & Compliance:
Own the enterprise-wide cyber risk management framework, including identification, assessment, mitigation, and reporting of cyber risks.
Ensure compliance with global data protection and privacy regulations (e.g., GDPR, CCPA) and industry-specific standards (e.g., SOX, ISO 27001, NIST, PCI-DSS).
Manage cybersecurity audits and serve as the primary liaison with regulators and auditors on all security-related matters.
3. Incident Response & Business Continuity:
Serve as the ultimate commander during major cybersecurity incidents, leading the cross-functional incident response team.
Ensure incident response and business continuity plans are robust, tested, and effective.
Manage post-incident reviews and implement lessons learned to strengthen security posture.
4. Third-Party & Supply Chain Risk:
Develop and manage a comprehensive third-party risk management program to assess and monitor the security posture of vendors and partners.
Integrate security requirements into contracts and procurement processes.
5. Culture & Awareness:
Champion a pervasive and positive "security-first" culture across the entire organization.
Design and deliver ongoing, role-specific security awareness and training programs to reduce human risk.
6. Budget & Team Leadership:
Build, mentor, and lead a high-performing global cybersecurity team.
Develop and manage the annual global cybersecurity budget, ensuring efficient allocation of resources.
Qualifications & Experience
15+ years of progressive experience in information security, with at least 8 years in a senior leadership role (e.g., CISO, Deputy CISO, Head of Security) overseeing a global program.
Proven track record of developing and executing a multi-year cybersecurity strategy in a complex, multinational corporation.
Deep, hands-on technical knowledge of security technologies, cloud security (AWS, Azure, GCP), network architecture, and Zero Trust principles.
Extensive experience in incident response and crisis management, with a proven ability to lead under pressure.
Expert knowledge of global regulatory frameworks and compliance requirements (GDPR, NIST, ISO 27001).
Demonstrated experience in presenting to and advising a Board of Directors on cyber risk.
Excellent communication, interpersonal, and influencing skills, with the ability to articulate cyber risk in business terms to non-technical stakeholders.
Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field.
Highly Desirable:
Master’s degree in Business Administration (MBA) or a related technical field.
Recognized security certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor).
Experience in the (Your Industry, e.g., Financial Services, Technology, Healthcare) sector.
Experience managing security through a significant digital transformation or cloud migration.
Personal Attributes
Strategic Visionary: Able to see the big picture and translate threats into business risks and opportunities.
Resilient Leader: Calm and decisive, especially during a crisis.
Influential Collaborator: Builds strong, trusted relationships with executives, technical teams, and business units.
Business Acumen: Understands the company's goals and aligns security initiatives to support them.
Continuous Learner: Stays abreast of the latest cyber threats, threat actors, and security technologies.
Information Security • Pune, Maharashtra, India