This role oversees security governance, risk management, compliance, and incident readiness, while working closely with engineering, product, legal, MIS and other teams to embed security across the organisation and support customer trust and business growth.
Key Responsibilities
Develop and maintain the companys information security strategy, policies, and long-term roadmap. Both for production environments and for internal business by overseeing security of enterprise systems.
Lead security risk assessments, mitigation planning, and ongoing security monitoring.
Lead incident response planning, preparedness, and execution.
Manage security governance, including controls, documentation, and audit readiness.
Ensure compliance with relevant standards and regulations such as SOC 2, ISO 27001, GDPR, and emerging AI frameworks.
Direct security architecture reviews and support secure development practices across product and engineering teams.
Ensure security is integrated into engineering culture and delivery without hindering velocity, while aligning platform security with engineering practices and production resiliency requirements.
Oversee vendor security, penetration testing, and third-party risk management.
Serve as the primary security contact for customers, partners, auditors, and regulators, and own the security aspects of the companys products, in alignment with business and customers needs.
Provide regular updates to executive leadership on security posture, risks, and priorities.
Requirements: Extensive experience in information security leadership, including prior ownership of a security program at scale at SaaS companies.
Strong understanding of security frameworks, cloud security, risk management, and secure software development.
Expertise in security governance, threat modeling, and compliance frameworks (SOC 2, ISO 27001, GDPR, and emerging AI regulations).
Proven ability to manage incidents, lead cross-functional teams, and implement organisation-wide security practices.
Effective communicator with experience supporting enterprise customers and executive stakeholders.
Proven ability to represent the companys security posture to enterprise customers, partners, auditors, and regulators.
Relevant certifications (CISSP, CISM, or equivalent) preferred.
Experience as CISO in a publicly traded company or IPO planning is preferred.
This position is open to all candidates.