Chief Information Security Officer

About the position

At OneSpan, we specialize in digital identity and anti-fraud solutions that create exceptional and secure experiences. OneSpan is seeking a Chief Information Security Officer (CISO) to lead our cybersecurity vision, ensuring the protection of our products, data, and customers. As CISO, you’ll spearhead our security strategy, manage enterprise-wide risk, and oversee compliance while fostering a culture of proactive security. You'll work alongside executive leadership, R&D teams, and our AI Working Group to implement cutting-edge security practices that align with industry standards and regulations. If you thrive in a fast-paced, collaborative environment and have a passion for securing digital transformation, we’d love to hear from you.

Responsibilities

• Develop and communicate the organization's cybersecurity strategy, vision, and goals to executive management, board members, and employees
• Oversee the Cybersecurity Steering Committee consisting of executive management and other key stakeholders and provide quarterly updates to the Audit Committee
• Provide leadership and guidance to the information security team, fostering a culture of accountability, transparency, and proactive continuous improvement in cybersecurity practices
• Advise R&D on maintaining effective tooling to ensure secure end to end delivery of product to customer utilizing defense in-depth Product Security and Cloud Security
• Serve as Info Sec expert in AI Working Group
• Identify, assess, prioritize, and manage cybersecurity risks to the organization's information assets
• Develop and maintain the organization's IT Risk management framework, policies, procedures, register and standards
• Oversee the operation of the security operations center, security solutions, including the deployment, monitoring, and maintenance of infrastructure, intrusion detection/prevention systems, and endpoint security solutions
• Lead Security incident response planning and execution to mitigate potential threats and minimize impact
• Oversee vulnerability management efforts across the enterprise and lead efforts to mitigate risk and maintain established security posture
• Ensure the organization's compliance with relevant regulations, laws, and standards pertaining to information security
• Collaborate with internal and external auditors to conduct regular security assessments, audits and successful recertification of SOC2, ISO 27001/27018
• Promote security awareness and coordinate security training programs for employees at all levels of the organization
• Foster a culture of proactive cybersecurity awareness and accountability throughout the organization
• Evaluate, monitor, and manage risks associated with third-party vendors and service providers
• Ensure contracts include appropriate security requirements and conduct regular assessments of vendor security practices
• Develop and manage the information security budget, ensuring optimal allocation of resources and investments in line with organizational priorities
• Review, redline, comment, negotiate information security provisions in customer and/or contracts
• Take ownership of customer escalation related to security provisions and facilitate proper resolution

Requirements

• Proven experience (8+ years) in a mid-senior level information security management role
• Degree in Computer Science, Information Technology, or a related field (advanced degree preferred)
• Professional Security certifications such as CISSP, CISM, or CISA
• Experience with certification of common information security management frameworks, such as SOC2, ISO 27001 and NIST
• Strong understanding of cybersecurity technologies, risk management frameworks, and global regulatory requirements (GDPR, CCPA, NIS2, DORA)
• Experience in a Global SAAS company
• Experience with cloud and hybrid security principles and practices
• Track record of successfully building and leading high-performing global cybersecurity teams
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams