Chief Information Security Officer

Chief Information Security Officer

Enterprise Risk and Data Security

This role is for a senior security leader who wants real ownership of enterprise risk and data protection. Someone who understands how security, technology, and business decisions intersect at scale and who can shape that intersection with clarity and judgement.

You will lead risk management and data security for a global organization where data, cloud platforms, and emerging technologies are central to how the business operates. The expectation is not to slow the organization down, but to help it move forward with a clear understanding of risk, impact, and tradeoffs.

The opportunity

Enterprise cyber risk and data protection are evolving quickly. Static risk registers, disconnected controls, and siloed ownership no longer work. This role exists to modernize how risk is identified, prioritized, and resolved, and to establish a cohesive, enterprise-wide approach to protecting data throughout its lifecycle.

You will lead a small but high-impact organization responsible for strategic risk management and reduction, supplier and third-party security, and enterprise data security including protection, classification, resilience, and data loss prevention. Your teams will work closely with technology, legal, privacy, and business partners to ensure security decisions are practical, measurable, and aligned to business outcomes.

What you will be responsible for

You will define and lead the company's approach to technology and cyber risk, data protection, and data governance. This includes:

* Setting the vision, operating model, and roadmap for enterprise risk management and data security
* Building and leading global teams across risk, supplier security, and data protection
* Establishing governance forums that drive clear decisions and accountability
* Translating technical risk into business impact for executive leadership and the board
* Maintaining trust through accurate, actionable, and credible risk reporting
* Enabling informed risk decisions without unnecessary friction or bureaucracy

How you will make an impact

Risk management that resolves risk
You will oversee the modernization of risk management so it focuses on remediation and outcomes, not just tracking. Your teams will identify and score risk, prioritize based on impact and likelihood, and drive solutions through to completion in partnership with technology and business leaders.

Enterprise data protection by design
You will define and own the enterprise data protection strategy across discovery, classification, governance, and control. This includes structured and unstructured data, cloud platforms, SaaS applications, endpoints, data lakes, and analytics environments.

You will be the executive authority on data risk, ensuring regulatory, legal, and business requirements are translated into practical, enforceable policies and controls.

Governance that scales with the business
You will establish and oversee data governance frameworks covering ownership, stewardship, lifecycle management, retention, and disposition. Governance will be embedded into day-to-day operations and designed to scale across hybrid and multi-cloud environments.

Security that supports innovation
You will partner closely with architecture, engineering, product, and business teams to enable secure innovation. This includes emerging technologies, cloud migrations, AI and analytics platforms, and third-party relationships.

What kind of leader succeeds in this role

This role suits someone with strong technical depth who is equally comfortable operating at executive level. You understand how security controls are built and operated, but you also understand how business decisions are made and how risk is weighed against opportunity.

You are able to navigate disagreement, make independent judgments, and lead through influence. You focus on outcomes, not theater, and you are comfortable being accountable for difficult decisions.

You have built and led global teams, developed senior talent, and established credibility across technology, security, legal, and business communities.

Background and experience

* Extensive experience in information security, cyber risk, and data protection at enterprise scale
* Senior leadership experience owning enterprise-wide security or risk functions
* Hands-on understanding of cloud platforms, identity and access management, data security, DevSecOps, and third-party risk
* Experience translating regulatory and framework requirements into operational controls
* Strong executive communication skills with experience presenting to boards and senior leadership

Formal qualifications, certifications, and frameworks are important, but sound judgment, technical credibility, and leadership presence are essential.

Why this role is different

You will not inherit a static program. You will shape how enterprise risk and data protection work going forward. You will have the mandate to modernize, to simplify, and to focus on real risk reduction. You will work with leaders who expect partnership, challenge, and clarity.

If you are a security leader who wants meaningful ownership, visible impact, and the opportunity to leave a lasting mark on how risk and data protection are done, this role offers that platform.