VP & Chief Information Security Officer

Job Description :

Reporting to the Chief Information Officer, the Vice President & Chief Information Security Officer (CISO) is a key executive leader who acts as a strategic business partner and enabler of scalable growth, not just a technical guardian. This leader will design and execute an adaptive, automated, and business-integrated cybersecurity strategy that protects the company's information assets while proactively positioning security as a competitive advantage.

The CISO will evolve the company's security posture by embedding automation and a "secure by design" culture into all operational and product development processes. Reporting to the highest level of leadership, this role is responsible for translating technical risks into quantifiable business impacts, ensuring continuous compliance, and driving a company‑wide security mindset. The CISO will build a resilient and innovative security organization that accelerates, rather than hinders, a high‑growth business, all while building and maintaining trust with customers, partners, and the market.

Design and implement a scalable security strategy and governance model that aligns with business objectives, is adaptable, and anticipates the unique risks and requirements of hypergrowth.

Design and execute a forward‑looking cybersecurity strategy that supports innovation while maintaining customer trust and competitive differentiation, proactively positioning security as a competitive advantage that builds and sustains stakeholders’ trust at scale.

In partnership with Compliance Team, maintain and enhance compliance posture across multiple frameworks including SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and CCPA 2.0.

Establish automated, risk‑based security governance frameworks and controls that scale effortlessly with the business, enabling decentralized and informed decision‑making.

Lead enterprise‑wide threat detection, vulnerability management (TVM), and incident response programs with measurable effectiveness metrics.

Instantiate security‑as‑code and automated frameworks for architecture, engineering, and operations to eliminate manual toil and support hypergrowth.

Improve an operationalized proactive cyber resilience program focused on minimizing business impact during and after a security event.

Lead the evolution of the SOC, leveraging automation and threat intelligence to achieve 24/7 coverage with maximum efficiency, and transition it toward a data‑driven security‑as‑a‑service model.

Define and track business‑oriented security metrics and key risk indicators (KRIs) that directly inform business leaders on risk exposure and the effectiveness of security investments.

Drive continuous improvement in mean time to detect (MTTD) and mean time to respond (MTTR).

Build a continuous compliance framework, using automation to maintain real‑time audit readiness and demonstrate control effectiveness with minimal friction for product and engineering teams.

Embed security and privacy by design into the product development lifecycle, enabling rapid innovation while meeting and exceeding customer expectations.

Lead enterprise risk assessment programs and maintain a comprehensive risk register with clear mitigation strategies.

Develop a risk quantification program to translate technical risks into business impacts and inform data‑driven investment decisions for the executive team and board.

Act as a strategic business partner to the CEO, C‑suite, and board, using deep business acumen to align security with Flexential’s growth objectives.

Equip the sales and customer success teams to confidently communicate our security story, turning our security posture into a key enabler for winning and retaining enterprise customers.

Scale security culture throughout the organization by empowering all teams to own their security, moving from a centralized security gatekeeper model to a decentralized security enablement model.

Represent Flexential externally with customers, prospects, regulators,…