Regional Security Officer

Our Client is a fast-growing, international product company building its own SaaS platform for enterprise customers across multiple markets. Security and data protection are not support functions here — they are strategic, board-level priorities.

We are looking for an experienced Group CISO / DPO who will own and execute the global information security and data protection strategy, working closely with the Board, executive leadership, and key stakeholders across the organization.

This role has a direct impact on product strategy, technology direction, compliance posture, and long-term customer trust.

🧭 Your responsibilities

• Own and execute the group-wide information security and data protection strategy across all subsidiaries

• Define, implement and maintain security and privacy governance in a multi-entity, international setup

• Act as a strategic advisor to the Board and executive leadership on cyber risk, compliance, and security investments

• Lead cyber defense operations, including SOC, incident response, threat intelligence, and crisis management

• Own and continuously improve Business Continuity and Disaster Recovery frameworks

• Oversee GDPR, NIS2 and global privacy compliance, acting as the official Data Protection Officer (DPO)

• Drive risk assessments, DPIAs, penetration testing and vulnerability remediation programs

• Ensure security-by-design and privacy-by-design across products, platforms, and technology

• Own compliance with ISO 27001, SOC 2, PCI DSS and client security assurance processes (RFPs, audits, due diligence)

• Build and promote a security-first and privacy-first culture across Product, Engineering, Legal, HR, and Operations

• Lead and mentor security and privacy teams and coordinate local security champions across regions

🧠 Your profile

• 10+ years of experience in senior information security roles, including 5+ years as CISO, Security Officer, DPO or equivalent

• Proven experience in SaaS or product-driven technology organizations

• Strong, hands-on expertise in GDPR and global privacy regulations; formal DPO experience is a strong asset

• Deep knowledge of ISO 27001, SOC 2, PCI DSS, NIS2 and related security frameworks

• Solid background in cloud security (Azure and/or AWS, Kubernetes, CI/CD pipelines)

• Practical experience with risk management, incident response, DPIAs and crisis management

• Experience working in international, multi-entity organizations

• Excellent communication skills and confidence working with Board members, C-level executives, regulators and enterprise clients

• Relevant certifications are highly valued (e.g. CISSP, CISM, CISA, CCISO, CIPP/E, CIPM)

• Fluent English is required; German or French is a strong plus

🚀 Why this role?

• Real influence on product strategy, technology and business growth

• Security and data protection with true board-level visibility

• International scope and high-impact decision-making

• Opportunity to shape long-term security and privacy maturity in a growing SaaS organization

TQLO Sp. z o.o. – Employment Agency (KRAZ No. 33580)