Chief Information Security Officer (CISO)

Role Overview

The Chief Information Security Officer (CISO) is responsible for leading the organization’s cybersecurity strategy, governance, and operational security programs. This role oversees the development and execution of enterprise-wide information security initiatives designed to protect systems, applications, infrastructure, and sensitive data from evolving cyber threats.

The position requires a highly experienced cybersecurity leader with expertise in governance, cloud security, incident response, risk management, and security operations within large-scale or enterprise technology environments.

Key Responsibilities

Cybersecurity Strategy & Leadership

• Define and lead the organization’s long-term cybersecurity roadmap, including strategic initiatives, risk reduction goals, and performance metrics.
• Develop cybersecurity objectives and reporting frameworks for executive leadership and key stakeholders.
• Build, lead, and mentor high-performing cybersecurity teams while promoting collaboration, accountability, and continuous improvement.
• Partner with business and technology leaders to align security initiatives with organizational objectives and transformation programs.

Security Governance & Risk Management

• Establish and enhance cybersecurity governance frameworks, standards, and operational controls.
• Ensure alignment with industry security standards, regulatory requirements, and data protection practices.
• Lead initiatives related to risk management, data protection, encryption, identity and access management, and privileged access controls.
• Support third-party security assessments and vendor risk management activities.

Security Operations & Incident Response

• Oversee enterprise security operations and incident response capabilities.
• Collaborate with operational security teams to strengthen detection, monitoring, and response processes.
• Lead the development and continuous improvement of security processes and controls to address evolving cyber threats.
• Ensure security practices are embedded across technology environments and software development processes.

Cloud & Emerging Technology Security

• Define security strategies for cloud platforms, containerized environments, automation, and emerging technologies.
• Drive implementation of cloud security best practices, including infrastructure security, continuous monitoring, and automation frameworks.
• Monitor emerging cybersecurity trends and evolving threat landscapes to proactively improve security posture.

Qualifications

Required

• Bachelor’s degree in Information Technology, Computer Science, Engineering, or a related field.
• Minimum of 15 years of experience in cybersecurity or information security within enterprise or large-scale technology environments.
• At least 7 years of leadership experience managing cybersecurity teams and organizational security programs.
• Strong knowledge of cybersecurity frameworks, standards, and compliance requirements such as NIST, ISO 27001, and related governance models.
• Deep understanding of cloud security principles, infrastructure security, automation, and modern security architectures.
• Experience leading enterprise security operations, governance, risk management, and incident response initiatives.
• Strong communication and stakeholder management skills, including the ability to engage executive leadership and simplify complex security concepts.
• Ability to evaluate emerging cybersecurity risks and adapt security programs accordingly.

Preferred

• Industry certifications such as CISSP, CISM, CISA, or equivalent cybersecurity credentials.
• Experience supporting secure software development and enterprise transformation initiatives.

Key Competencies

• Cybersecurity strategy and governance
• Executive leadership and stakeholder management
• Risk management and compliance oversight
• Security operations and incident response
• Cloud and emerging technology security
• Team leadership and organizational development
• Analytical thinking and strategic decision-making