Vice President CISO

1. Own Security Risk Posture and Outcomes  

• Establish and maintain an integrated, fact-based view of the organization's security risk posture that spans enterprise IT, cloud, and operational technology environments. Synthesize technical risk signals into a coherent view of business and operational impact. 

• Ensure risk posture is translated into prioritized action aligned to actual business and operational risk 

2. Drive execution across cloud, IT, and OT environments 

• Define security and control models appropriate to each environment, recognizing the distinct constraints and risk profiles of cloud, enterprise IT, and operational technology 

• Establish clear ownership, accountability, and decision rights across the distributed execution model, ensuring security outcomes are owned beyond the InfoSec organization across InfoSec, IT, and Business functions 

• Influence resource and investment prioritization across IT and business to ensure security requirements are addressed at the right level  

• Measure and report on execution effectiveness — tracking control implementation, remediation velocity, and residual risk reduction over time 

3. Establish and operate a risk-based security operating model that drives consistent, prioritized, and measurable security outcomes across the enterprise 

• Define and socialize a risk appetite and tolerance framework in partnership with executive leadership — establishing the calibration point for all security prioritization decisions  

• Build a risk-based investment and prioritization framework that allocates security resources based on risk reduction outcomes, not tool deployment or compliance checkbox completion  

4. Mature the security program from reactive to proactive across protection, detection, response, and recovery capabilities 

5. Build and Lead a High-Accountability Security Organization 

• Establish a clear expectation for ownership, delivery, and measurable outcomes 

• Drive a culture of accountability, prioritization and execution discipline across the security function 

6. Communicate clearly with Executive Leadership and Board 

• Present clear, fact-based views of risk posture 

• Articulate technical issues into business impact, prioritization decisions 

• Provide transparency on progress, trade-offs and limitations 

Success in this role will be measured by clear, fact-based visibility into risk posture, effective prioritization of security efforts, and demonstrable improvements in control effectiveness across environments across environments.  

• You are a strategic and pragmatic security leader who balances strategy with execution 

• You are comfortable operating in complex, heterogeneous environments with competing priorities and constraints 

• You challenge assumptions and drive clarity and prioritization 

• You focus on outcomes over activity 

• You can operate effectively in ambiguous environments 

• Executive-level leadership in cybersecurity within large, global enterprises 

• Strong experience in: 

• OT / Manufacturing / Industrial environments 

• Cybersecurity architecture, risk management and regulatory compliance 

• Demonstrated ability to build, develop, and retain high-performing security teams — recruiting strong talent, structuring organizations to match operating models, and developing security leaders capable of owning outcomes independently 

• Demonstrated ability to drive execution and establish risk-based prioritization frameworks 

• Experience building and adapting zero-trust principles in complex hybrid environments including OT 

• Proven track record of improving control effectiveness, not just deploying tools.   

• Strong communication and stakeholder engagement skills, including Board-level reporting 

• Certifications such as CISSP, CISM, or CISA 

• Experience working with international regulatory bodies and cross-border data protection laws 

• M&A security experience