VP, Chief Information Security Officer

Chief Information Security Officer (CISO)

We are seeking an experienced and highly capable and strategic Chief Information Security Officer to lead our global information security strategy with a strong focus on AI security, cybersecurity risk management, application security, and regulatory compliance. This role is responsible for developing and executing a comprehensive security program that protects our data systems, AI models, applications, and infrastructure both cloud and on-premise while enabling innovation and growth.

You will partner with technology, product, and business leaders to ensure security is integrated by design across our enterprise from secure development practices to AI governance while meeting compliance obligations such as AI Acts, Sarbanes-Oxley (SOX), and other regulatory requirements.

Location : TBC

Reports to : Directly reporting to the CIO

The Chief Information Security Officer is entrusted with the following tasks :

• Develop and execute the enterprise-wide information security, AI security, and compliance strategy aligning with business objectives and risk appetite
• Serve as the executive sponsor for cybersecurity, application security, and infrastructure security initiatives
• Champion a culture of secure innovation embedding security and privacy considerations into product development, data science, and AI initiatives

• Design and implement policies for AI model security, data governance, and AI risk management including model poisoning, prompt injection, data leakage, and adversarial attack prevention
• Establish AI model lifecycle security controls including dataset provenance, secure training environments, and model monitoring for drift and misuse
• Collaborate with data science teams to ensure ethical AI practices and compliance with emerging AI regulations (EU AI Act, NIST AI RMF)

• Oversee threat detection, incident response, and vulnerability management for both cloud and on‑premise systems
• Implement and maintain on‑premise security controls including network segmentation, physical data center security, access management, and endpoint protection
• Lead response to major security incidents coordinating cross‑functional teams and managing communication with regulators, customers, and partners

• Build and scale an application security program including secure coding standards, automated code scanning, and penetration testing
• Embed security into CI/CD pipelines and partner with engineering teams to ensure software security best practices
• Establish secure‑by‑design guidelines for APIs, microservices, and cloud‑native applications

• Ensure compliance with SOX Section 404 IT General Controls including change management, logical access controls, and audit trail integrity
• Collaborate with finance and internal audit teams to ensure IT control effectiveness and timely remediation of deficiencies
• Drive enterprise‑wide security awareness and training programs including secure AI usage guidelines
• Maintain compliance with other relevant regulations (GDPR, CCPA, HIPAA, PCI‑DSS, etc.) and ensure robust audit readiness
• Define and monitor key risk indicators (KRIs) and security KPIs to measure program maturity

• Enterprise security strategy and ISMS governance (ISO 27001, NIST CSF)
• AI and data security (model protection, bias detection, secure APIs)
• Develop security operations enablement across CI/CD pipelines and solution designs
• Security operations: threat detection and incident response
• Compliance (SOX, GDPR, PCI) and audit readiness
• Business continuity and disaster recovery testing

• VP Dev Ops & Platforms:
  Secure‑by‑design architecture, CI/CD security controls
• VP Program Management:
  Security deliverables in programs & M&A integrations
• VP Business Partnering:
  Security/compliance requirements embedded in process design
• VP Digital Intelligence & AI:
  Secure data pipelines, monitor AI model risk
• VP Infrastructure & Service Management:
  Identity management, network security, BC/DR