Chief Information Security Officer
Posted 22 hours 55 minutes ago by DNEG DNEG Group
Permanent
London, United Kingdom
Job Description
The CISO will lead the global information security program at DNEG, implementing strategies that safeguard sensitive data and ensure compliance with industry standards. You will design and steer cybersecurity frameworks that align with business objectives while fostering a security-conscious organisational culture. This critical leadership position keeps our company resilient against evolving cyber threats and ensures the confidentiality, integrity, and availability of information.
Key Responsibilities
Leadership and Team Management:
- Build, lead, and mentor a high-performing global cybersecurity team, with a focus on fostering talent and collaboration across multiple regions, including India.
- Champion a culture of security awareness across all levels of the organisation, integrating security as a core aspect of the business's values.
- Ensure security strategies align with broader business objectives, partnering closely with senior leadership, including the CEO and CTO.
Strategy Development and Execution:
- Design, implement, and continuously evolve a comprehensive global information security strategy.
- Apply a holistic approach to security management, aligning cybersecurity initiatives with DNEG's business goals, including creative processes and client relationships.
- Lead the development and maturation of the Information Security Management System (ISMS), ensuring alignment with industry best practices like the Motion Picture Association's Trusted Partner Network (TPN).
Risk Management and Compliance:
- Develop and execute risk management strategies, identifying and mitigating potential threats while ensuring compliance with regulations like GDPR, NIS, ISO 27001, and SOC 2.
- Create and maintain Third Party Risk Management (TPRM) processes, ensuring intellectual property protection in accordance with client contractual requirements.
- Implement policies that address global privacy mandates and ensure business resilience, including those adapted for hybrid and remote working models.
Incident Response and Crisis Management:
- Architect and lead a robust incident response plan to handle security breaches effectively.
- Act as the primary point of contact during security incidents, overseeing investigations, remediation efforts, and communication with key stakeholders.
Security Architecture and Operations:
- Oversee the development of a resilient security architecture, ensuring the protection of critical assets and IP.
- Integrate cutting-edge security technologies (e.g., SIEM, EDR/XDR, firewalls, IDS/IPS) and implement Zero Trust frameworks to enhance overall security posture.
- Lead the selection and implementation of security solutions that align with DNEG's operational requirements, including cloud security management and development lifecycle integration.
Collaboration and Reporting:
- Provide regular security updates and risk assessments to executive leadership, offering actionable insights on improving security.
- Collaborate with IT and legal teams to ensure seamless integration of security protocols into business processes.
- Act as a liaison with external regulatory bodies, auditors, and clients to ensure adherence to security and compliance standards.
- 10+ years of experience in information security leadership, including proven success as a CISO or senior security executive.
- Comprehensive understanding of information security frameworks such as NIST, ISO 27001, and TPN.
- Expertise in risk management, cybersecurity governance, and incident response, with hands-on experience in advanced security technologies.
- Proven track record of balancing security and business priorities, ensuring pragmatic solutions that drive operational efficiency and security resilience.
- Strong leadership skills, with experience managing global, cross-functional teams, including those in India and other key regions.
- Ability to communicate complex technical security topics to non-technical stakeholders, with a focus on gaining executive buy-in for strategic security initiatives.