What are the responsibilities and job description for the Chief Information Security Officer position at OneSpan?
At OneSpan, we specialize in digital identity and anti-fraud solutions that create exceptional and secure experiences.
OneSpan is seeking a Chief Information Security Officer (CISO) to lead our cybersecurity vision, ensuring the protection of our products, data, and customers.
As CISO, you’ll spearhead our security strategy, manage enterprise-wide risk, and oversee compliance while fostering a culture of proactive security. You'll work alongside executive leadership, R&D teams, and our AI Working Group to implement cutting-edge security practices that align with industry standards and regulations.
If you thrive in a fast-paced, collaborative environment and have a passion for securing digital transformation, we’d love to hear from you.
What You'll Do
Strategy and Leadership:
- Develop and communicate the organization's cybersecurity strategy, vision, and goals to executive management, board members, and employees
- Oversee the Cybersecurity Steering Committee consisting of executive management and other key stakeholders and provide quarterly updates to the Audit Committee.
- Provide leadership and guidance to the information security team, fostering a culture of accountability, transparency, and proactive continuous improvement in cybersecurity practices
- Advise R&D on maintaining effective tooling to ensure secure end-to-end delivery of product to customer, utilizing defense-in-depth Product Security and Cloud Security
- Serve as Info Sec expert in AI Working Group
Risk Management:
- Identify, assess, prioritize, and manage cybersecurity risks to the organization's information assets
- Develop and maintain the organization's IT Risk management framework, policies, procedures, register and standards
- Oversee the operation of the security operations center and security solutions, including the deployment, monitoring, and maintenance of infrastructure, intrusion detection/prevention systems, and endpoint security solutions.
- Lead security incident response planning and execution to mitigate potential threats and minimize impact
- Oversee vulnerability management efforts across the enterprise and lead efforts to mitigate risk and maintain established security posture.
- Ensure the organization's compliance with relevant regulations, laws, and standards pertaining to information security
- Collaborate with internal and external auditors to conduct regular security assessments, audits and successful recertification of SOC2, ISO 27001/27018
- Promote security awareness and coordinate security training programs for employees at all levels of the organization.
- Foster a culture of proactive cybersecurity awareness and accountability throughout the organization
- Evaluate, monitor, and manage risks associated with third-party vendors and service providers
- Ensure contracts include appropriate security requirements and conduct regular assessments of vendor security practices
- Develop and manage the information security budget, ensuring optimal allocation of resources and investments in line with organizational priorities
Legal Support:
- Review, redline, comment on, and negotiate information security provisions in customer and/or contracts
- Take ownership of customer escalation related to security provisions and facilitate proper resolution.
- Proven experience (8 years) in a mid-senior level information security management role
- Degree in Computer Science, Information Technology, or a related field (advanced degree preferred)
- Professional Security certifications such as CISSP, CISM, or CISA
- Experience with certification of common information security management frameworks, such as SOC2, ISO 27001 and NIST
- Strong understanding of cybersecurity technologies, risk management frameworks, and global regulatory requirements (GDPR, CCPA, NIS2, DORA)
- Experience in a global SaaS company
- Experience with cloud and hybrid security principles and practices
- Track record of successfully building and leading high-performing global cybersecurity teams
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams