Chief Information Security Officer

Our client is a global leader in technology‑enabled industrial solutions supporting essential products, food protection, logistics, and digital commerce. Operating across more than 100 countries, the company is focused on building a modern, resilient, and sustainable global supply chain. The organization fosters a high‑performance culture built on accountability, innovation, and continuous improvement. They are investing heavily in digital transformation and are expanding their global cybersecurity leadership.

The organization is seeking a senior cybersecurity executive to lead the enterprise security governance program. This role owns the strategic security architecture, risk management framework, and oversight of operational cybersecurity execution across the global enterprise. This leader serves as the primary authority for information security governance, reporting directly to the Global CIO, and acts as a trusted advisor to executive leadership, the Audit Committee, and the Board.

A major priority is transitioning the enterprise to the NIST Cybersecurity Framework 2.0, with emphasis on formalizing the GOVERN function and elevating risk quantification, AI governance, and secure architectural standards.

• Build and evolve the enterprise security strategy using NIST CSF 2.0, with a focus on embedding the GOVERN function into business processes.
• Establish, maintain, and approve all global security policies including identity, network, cloud, and operational controls.
• Shift the security program from technical vulnerability metrics to financial risk modeling; manage the Enterprise Risk Register and own final approval of risk‑acceptance decisions.
• Oversee privacy and data protection governance across global operations.
• Serve as the primary liaison to Internal Audit and SOX compliance teams, ensuring clarity and sufficiency of control design and communicating effectively with auditors.

• Implement the NIST AI Risk Management Framework (AI RMF 1.0) for both traditional and generative AI systems.
• Establish testing and assurance processes for AI including trustworthiness, explainability, data integrity, and bias evaluation.
• Collaborate with data engineering teams to embed security requirements—such as RBAC and row‑level data controls—into enterprise data platforms.

• Provide independent oversight of Cyber Operations and IT Infrastructure teams, ensuring controls are operating effectively and improving detection and response performance (e.g., MTTC).
• Participate as a voting member of the Architecture Review Board with the authority to block solutions that do not meet secure‑design standards.
• Direct the Cyber Supply Chain Risk Management program, including third‑party risk assessments and digital ecosystem evaluations.

• Act as the executive authority to declare a cybersecurity incident and lead the enterprise crisis response.
• Coordinate cross‑functional response activities with Legal, Regulatory, Communications, and Insurance partners.
• Own the enterprise cyber‑incident response plan and ensure readiness across global business units, manufacturing sites, and technology teams.
• Prepare and deliver quarterly cybersecurity briefings to executive leadership and the Board, translating technical risk into business impact and strategic insights.

• Ability to drive outcomes across matrixed global teams without direct operational ownership.
• Skilled at holding IT Operations accountable for patching, configuration management, and control execution through governance—rather than command‑and‑control.

• Deep working knowledge of NIST CSF 2.0, NIST AI RMF 1.0, and global data privacy regulations (e.g., GDPR, CCPA).

• Experienced in balancing business objectives with security requirements, creating well‑structured risk‑acceptance positions, and designing compensating controls for legacy systems.

• Strong understanding of cloud architectures (preferably Azure), manufacturing/OT environments, and AI/ML platforms.
• Capable of challenging engineering and architecture teams on secure‑design principles across cloud, application, and operational technology domains.