Chief Information Security Officer (CISO)

Key Responsibilities

• Develop and implement the organizations information security strategy and roadmap, building robust security architecture and policies aligned with business needs, risk assessments, and regulatory requirements.
• Define and maintain security policies, standards, and procedures in line with business objectives and industry best practices.
• Assess emerging threats and trends and adapt security strategies accordingly.
• Identify, evaluate, and prioritize security risks across the organization.
• Develop and maintain a risk management framework to effectively mitigate identified risks.
• Manage the risk management program, including IT disaster recovery and business continuity planning.
• Oversee the design, implementation, and maintenance of security controls, technologies, and processes.
• Coordinate and lead incident response activities, ensuring timely mitigation of security incidents.
• Conduct regular security assessments and audits to ensure effectiveness and compliance.
• Ensure compliance with applicable laws, regulations, and industry standards (e.g. GDPR, HIPAA, ISO 27001), where required.
• Establish and maintain governance structures to support effective information security management.
• Liaise with internal and external auditors and regulators, providing guidance on investigations, audits, research studies, forecasts, and risk models.
• Develop and deliver security awareness programs for employees.
• Provide security training to IT staff and relevant stakeholders.
• Establish, control, and monitor the information security budget, ensuring alignment with agreed indicators.
• Execute additional tasks as assigned by senior management.

Qualifications

• Bachelors degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Masters degree in a relevant discipline is preferred.
• 10–15 years of experience across risk management, information security, and IT roles.
• 5–10 years in a senior management role within an information security function.
• Recognized information security certifications (e.g. CISSP, CISM).
• Languages: Professional proficiency in English and French.

Required Skills

• Strong business orientation with an understanding of business operations and strategic alignment.
• Solid knowledge of cybersecurity frameworks and technologies, including NIST, ISO, CIS Controls, SIEM, IDS/IPS, DLP, encryption, and cloud security.
• Excellent leadership, communication, and stakeholder management skills, including the ability to present to and work with C-level executives.
• Strong analytical and problem-solving skills, with the ability to make risk-based decisions in a fast-paced environment.
• Proven experience in leading, developing, and managing diverse cybersecurity teams.
• Strong planning, organization, and prioritization skills, with adherence to deadlines.
• Innovative, strategic thinker with a strong solution-oriented mindset.