Chief Information Security Officer
Company: OneSpan Inc.
Location: Boston, MA 02115
Description:
At OneSpan, we specialize in digital identity and anti-fraud solutions that create exceptional and secure experiences.
OneSpan is seeking a Chief Information Security Officer (CISO) to lead our cybersecurity vision, ensuring the protection of our products, data, and customers.
As CISO, you'll spearhead our security strategy, manage enterprise-wide risk, and oversee compliance while fostering a culture of proactive security. You'll work alongside executive leadership, R&D teams, and our AI Working Group to implement cutting-edge security practices that align with industry standards and regulations.
If you thrive in a fast-paced, collaborative environment and have a passion for securing digital transformation, we'd love to hear from you.
What You'll Do:
Strategy and Leadership:
Develop and communicate the organization's cybersecurity strategy, vision, and goals to executive management, board members, and employees
Oversee the Cybersecurity Steering Committee consisting of executive management and other key stakeholders and provide quarterly updates to the Audit Committee.
Provide leadership and guidance to the information security team, fostering a culture of accountability, transparency, and proactive continuous improvement in cybersecurity practices
Advise R&D on maintaining effective tooling to ensure secure end-to-end delivery of product to customer, utilizing defense-in-depth Product Security and Cloud Security
Serve as Info Sec expert in AI Working Group
Risk Management:
Identify, assess, prioritize, and manage cybersecurity risks to the organization's information assets
Develop and maintain the organization's IT Risk management framework, policies, procedures, register and standards
Security Operations:
Oversee the operation of the security operations center and security solutions, including the deployment, monitoring, and maintenance of infrastructure, intrusion detection/prevention systems, and endpoint security solutions.
Lead Security incident response planning and execution to mitigate potential threats and minimize impact
Oversee vulnerability management efforts across the enterprise and lead efforts to mitigate risk and maintain established security posture.
Compliance and Audit:
Ensure the organization's compliance with relevant regulations, laws, and standards pertaining to information security
Collaborate with internal and external auditors to conduct regular security assessments, audits and successful recertification of SOC2, ISO 27001/27018
Training and Awareness:
Promote security awareness and coordinate security training programs for employees at all levels of the organization.
Foster a culture of proactive cybersecurity awareness and accountability throughout the organization
Vendor and Third-Party Risk Management:
Evaluate, monitor, and manage risks associated with third-party vendors and service providers
Ensure contracts include appropriate security requirements and conduct regular assessments of vendor security practices
Budget Management:
Develop and manage the information security budget, ensuring optimal allocation of resources and investments in line with organizational priorities
Legal Support:
Review, redline, comment on, and negotiate information security provisions in customer and/or contracts
Take ownership of customer escalation related to security provisions and facilitate proper resolution.
What you have:
Proven experience (8+ years) in a mid-senior level information security management role
Degree in Computer Science, Information Technology, or a related field (advanced degree preferred)
Professional Security certifications such as CISSP, CISM, or CISA
Experience with certification of common information security management frameworks, such as SOC2, ISO 27001 and NIST
Strong understanding of cybersecurity technologies, risk management frameworks, and global regulatory requirements (GDPR, CCPA, NIS2, DORA)
Experience in a global SaaS company
Experience with cloud and hybrid security principles and practices
Track record of successfully building and leading high-performing global cybersecurity teams
Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams