Jobs · himalayas
Chief Information Security Officer
Keystone AI · United States · Posted 17d ago
About the role
Job Description: Title: Chief Information Security Officer (CISO) Location: Remote – USA Reports to: Chief Technology Officer The Role: JD Power is seeking an enterprise-level security leader to serve as Chief Information Security Officer (CISO). As a member of the Technology Leadership Team, the CISO is the enterprise-wide owner of global cyber security, information risk, and resilience, providing strategic leadership across all regions to protect clients, systems, data, intellectual property, and brand reputation. The CISO defines and executes the global security strategy, leads security operations and governance, ensures compliance with international regulations and standards, and acts as the organization's senior authority on cyber risk The Impact You Will Have in This Role: As Chief Information Security Officer, you will be the driving force behind protecting JD Power’s clients, systems, data, and brand across every region. By defining and executing the global security strategy, maturing governance and security operations, and embedding a strong security culture, you will reduce enterprise risk while enabling the business to innovate and grow with confidence. You will serve as the organization's senior authority on cyber risk—providing the CTO, Operating Team, Board, regulators, and customers with assurance that security is a strategic enabler rather than a barrier. What You’ll Be Doing in This Role: Global Security Strategy & Leadership Own Global Security Strategy: Define and own the global cyber security strategy, aligned to business objectives and risk appetite. Advise Senior Leadership: Provide senior-level leadership and act as a trusted advisor to the CTO, Operating Team, Board Cybersecurity Committee, and senior leaders. Lead Planning & Investment: Lead global planning, budgeting, capability development, and vendor strategy for all security domains. Build a Security Culture: Promote a strong security culture across all regions, embedding secure behaviors and accountability. Governance, Risk Management & Compliance Operate the ISMS: Lead the design, implementation, operation, and continuous improvement of the Information Security Management System (ISMS) aligned to ISO 27001, SOC2, TISAX, and other relevant frameworks. Manage Enterprise Risk: Oversee global risk management, including risk assessments, control selection, and enterprise risk reporting. Compliance: Ensure compliance with global cyber security regulations and industry standards. Maintain Policies & Standards: Lead the development and maintenance of global security policies, standards, and guidelines. Govern Third-Party Risk: Oversee third-party and supply-chain security, including vendor assessments and due diligence. Security Operations, Threat Management & Incident Response Lead Security Operations: Lead global Security Operations (SecOps), including monitoring, detection, threat intelligence, and vulnerability management. Mature CSIRT/CSOC Capabilities: Establish and mature global CSIRT/CSOC capabilities, ensuring 24/7 coverage where required. Command Major Incidents: Act as executive incident commander for major cyber events, ensuring effective response, communication, and recovery. Drive Continuous Improvement: Maintain incident playbooks, escalation paths, and post-incident reviews to drive continuous improvement. Cloud, Application & Product Security Define Secure Architecture: Define and oversee secure architecture, cloud security standards, and identity & access management (IAM). Embed Security in the SDLC: Embed security into the software development lifecycle (SDLC), including secure coding, DevSecOps, and product security reviews. Partner with Engineering: Partner with Engineering and Technology teams to ensure secure design, encryption, and access controls across all platforms. Regulatory, Customer & External Engagement Represent Security Externally: Act as the senior representative for cyber security with regulators, auditors, customers, and partners. Manage Security Assessments: Oversee responses to customer and partner security assessments and due-diligence requests. Track Regulatory Change: Monitor global regulatory developments and translate them into actionable controls and programs. People Leadership & Organizational Development Lead Global Teams: Lead and develop global teams across security operations, governance, risk, compliance, and resilience. Build Organizational Capability: Build organizational capability, succession planning, and specialist talent pipelines. Foster High Performance: Foster a collaborative, high-performance culture across regions and functions. Qualifications of this Role: 10+ years of experience in information security, cybersecurity, with at least 5+ years in a senior leadership role Proven track record of incident response leadership and crisis management. Relevant certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor Experience leading large-scale enterprise security progra
Read the full posting on himalayas →
FAQ
Is the Chief Information Security Officer role at Keystone AI remote?+
This Chief Information Security Officer position is listed as remote (United States).
What is the salary for the Chief Information Security Officer role at Keystone AI?+
The listing states Estimated 131k-280k USD.
What seniority level is this Chief Information Security Officer role?+
This is a unknown level position.
How do I apply for the Chief Information Security Officer role at Keystone AI?+
Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Keystone AI.