At OneSpan, we specialize in digital identity and anti-fraud solutions that create exceptional and secure experiences.
OneSpan is seeking a Chief Information Security Officer (CISO) to lead our cybersecurity vision, ensuring the protection of our products, data, and customers.
As CISO, you’ll spearhead our security strategy, manage enterprise-wide risk, and oversee compliance while fostering a culture of proactive security. You'll work alongside executive leadership, R&D teams, and our AI Working Group to implement cutting-edge security practices that align with industry standards and regulations.
If you thrive in a fast-paced, collaborative environment and have a passion for securing digital transformation, we’d love to hear from you.
What You'll Do:
Strategy and Leadership:
· Develop and communicate the organization's cybersecurity strategy, vision, and goals to executive management, board members, and employees
· Oversee the Cybersecurity Steering Committee consisting of executive management and other key stakeholders and provide quarterly updates to the Audit Committee.
· Provide leadership and guidance to the information security team, fostering a culture of accountability, transparency, and proactive continuous improvement in cybersecurity practices
· Advise R&D on maintaining effective tooling to ensure secure end-to-end delivery of product to customer utilizing defense-in-depth Product Security and Cloud Security
· Serve as Info Sec expert in AI Working Group
Risk Management:
· Identify, assess, prioritize, and manage cybersecurity risks to the organization's information assets
· Develop and maintain the organization's IT Risk management framework, policies, procedures, register and standards
Security Operations:
· Oversee the operation of the security operations center and security solutions, including the deployment, monitoring, and maintenance of infrastructure, intrusion detection/prevention systems, and endpoint security solutions.
· Lead security incident response planning and execution to mitigate potential threats and minimize impact
· Oversee vulnerability management efforts across the enterprise and lead efforts to mitigate risk and maintain established security posture.
Compliance and Audit:
· Ensure the organization's compliance with relevant regulations, laws, and standards pertaining to information security
· Collaborate with internal and external auditors to conduct regular security assessments, audits and successful recertification of SOC2, ISO 27001/27018
Training and Awareness:
· Promote security awareness and coordinate security training programs for employees at all levels of the organization.
· Foster a culture of proactive cybersecurity awareness and accountability throughout the organization
Vendor and Third-Party Risk Management:
· Evaluate, monitor, and manage risks associated with third-party vendors and service providers
· Ensure contracts include appropriate security requirements and conduct regular assessments of vendor security practices
Budget Management:
· Develop and manage the information security budget, ensuring optimal allocation of resources and investments in line with organizational priorities
Legal Support:
· Review, redline, comment, negotiate information security provisions in customer and/or contracts
· Take ownership of customer escalation related to security provisions and facilitate proper resolution.
What you have:
· Proven experience (8+ years) in a mid-senior level information security management role
· Degree in Computer Science, Information Technology, or a related field (advanced degree preferred)
· Professional Security certifications such as CISSP, CISM, or CISA
· Experience with certification of common information security management frameworks, such as SOC2, ISO 27001 and NIST
· Strong understanding of cybersecurity technologies, risk management frameworks, and global regulatory requirements (GDPR, CCPA, NIS2, DORA)
· Experience in a Global SaaS company
· Experience with cloud and hybrid security principles and practices
· Track record of successfully building and leading high-performing global cybersecurity teams
· Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams