CISO (Chief Information Security Officer)

New York City, NY (hybrid)

Writer

Build generative AI into any business process with Writer’s secure enterprise platform. Trusted by world-class enterprises.


✍🏽 About Writer

Writer is the full-stack generative AI platform delivering transformative ROI for the world’s leading enterprises. Named one of the top 50 companies in AI by Forbes and one of the best places to work by Inc. Magazine, Writer empowers hundreds of customers like Accenture, Intuit, L’Oreal, Mars, Salesforce, and Vanguard to transform the way they work. 

Writer’s fully integrated solution makes it easy to deploy secure and reliable AI applications and agents that solve mission-critical business challenges. Our suite of development tools is powered by Palmyra, Writer’s state-of-the-art family of LLMs, alongside our industry-leading graph-based RAG and customizable AI guardrails.

Founded in 2020 with office hubs in San Francisco, New York City, Austin, Chicago, and London, our team of over 250 employees thinks big and moves fast, and we’re looking for smart, hardworking builders and scalers to join us on our journey to create a better future of work.

📐 About this role 

As the Chief Information Security Officer (CISO), you'll be at the forefront of developing and implementing a robust information security strategy to safeguard our data, systems, and infrastructure. You'll lead a team of security professionals, collaborate with cross-functional teams, and ensure compliance with regulatory requirements. This role is pivotal in protecting our company’s assets and maintaining the trust of our customers and partners.

This role reports to the CTO.

🦸🏻‍♀️ Your responsibilities:

Strategy and policy development:

  • Craft and execute a comprehensive information security strategy and policies tailored to the unique challenges of a generative AI SaaS environment.

  • Develop and drive a cybersecurity framework, implementing initiatives to secure the organization's cyber and technology assets.

  • Think holistically about information security, focusing on CIA (confidentiality, integrity, availability) and CISSP domains (security and risk management, asset security, security architecture and engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security).

  • Continuously assess and manage the organization's cyber and technology risk posture.

  • Evaluate the current security posture and recommend improvements.

Risk Management:

  • Conduct regular risk assessments and vulnerability analyses, with a focus on AI models, data privacy, and cloud infrastructure.

  • Provide education on technology risk and manage it in collaboration with business leaders.

  • Implement and oversee the cyber governance, risk, and compliance (GRC) process.

Incident Response:

  • Develop and maintain a robust incident response plan, including procedures for handling AI-related security incidents.

  • Lead the response to security incidents, ensuring effective investigation, containment, and recovery.

  • Communicate with stakeholders during and after security incidents to maintain transparency and trust.

Compliance and Audits:

  • Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, PCI DSS, SOC 2).

  • Coordinate with external auditors and regulatory bodies.

  • Conduct internal audits and assessments, with a focus on data privacy and AI ethics.

  • Manage the cyber governance, risk, and compliance (GRC) process.

Team Leadership:

  • Lead and mentor a team of security professionals, fostering a culture of security awareness and continuous improvement.

  • Collaborate with other departments, including Product, Engineering, and Customer Success, to integrate security into all aspects of the business.

  • Develop and implement ongoing security awareness training and education for all users.

Technology and Infrastructure:

  • Oversee the selection and implementation of cutting-edge security technologies and tools, with a focus on AI and cloud security.

  • Ensure the security of the company’s IT infrastructure, including networks, applications, and data.

  • Manage relationships with security vendors and partners, particularly those specializing in AI and SaaS security.

  • Think broadly about product architecture, deployment options, third-party components, software, supply chain, cloud infrastructure, locations, and configuration.

  • Stay informed about market trends, customer requirements, competitive gaps, and future-proofing strategies.

Stakeholder Engagement:

  • Communicate security strategies and risks to the executive team and board of directors.

  • Collaborate with external partners, including law enforcement and industry groups.

  • Engage with customers and partners to build trust and ensure security requirements are met, especially in the context of AI and data privacy.

  • Develop, justify, and evaluate cybersecurity investments.

Operational Excellence:

  • Lead cybersecurity operations and implement disaster recovery protocols and business continuity plans to ensure business resilience.

  • Develop and implement secure processes and systems to prevent, detect, mitigate, and recover from cyberattacks.

  • Ensure the implementation of internal controls and a robust compliance regimen.

  • Manage internal processes, including privileged access and company security.

⭐️ Is This You?

  • 15+ years of experience in information security, with deep expertise in hardware, software, networks, databases, security, cloud computing, and other relevant domains.

  • 8+ years of experience leading, coaching, and building high-performing teams.

  • Hands-on experience with enterprise-level tools such as Google Workspace, Chrome Enterprise Premium, Rippling MDM, and SentinelOne.

  • Proven ability to negotiate and manage vendor contracts, achieving significant cost savings on annual software and hardware expenditures.

  • Experience in developing and implementing security protocols to improve compliance audit scores.

  • Demonstrated experience managing IT budgets of at least $1M annually.

  • A degree in information systems, computer science, engineering, or equivalent experience.

  • Excellent communication, leadership, and teamwork skills, with the ability to influence, negotiate, and collaborate across different departments.

  • A strategic thinker with a customer-oriented approach and a passion for continuous learning and innovation.


🍩 Benefits & perks

  • Generous PTO, plus company holidays

  • Medical, dental, and vision coverage for you and your family

  • Paid parental leave for all parents (12 weeks)

  • Fertility and family planning support

  • Early-detection cancer testing through Galleri

  • Flexible spending account and dependent FSA options

  • Health savings account for eligible plans with company contribution

  • Annual work-life stipends for:

    • Home office setup, cell phone, internet

    • Wellness stipend for gym, massage/chiropractor, personal training, etc.

    • Learning and development stipend

  • Company-wide off-sites and team off-sites

  • Competitive compensation, company stock options and 401k

Writer is an equal-opportunity employer and is committed to diversity. We don't make hiring or employment decisions based on race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Under the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

By submitting your application on the application page, you acknowledge and agree to Writer's Global Candidate Privacy Notice.


Tags: Audits, CIA, CISO, CISSP, Cloud, Compliance, Computer Science, Full stack, GDPR, Generative AI, Governance, HIPAA, IAM, Incident response, IT infrastructure, LLMs, Network security, PCI DSS, Privacy, Risk assessment, Risk management, SaaS, Security assessment, Security strategy, SOC, SOC 2, Strategy

Perks/benefits: 401(k) matching, Career development, Cell phone stipend, Competitive pay, Equity / stock options, Fertility benefits, Fitness / gym, Flexible spending account, Flex vacation, Gear, Health care, Home office stipend, Medical leave, Parental leave, Transparency, Wellness

Region: North America
Country: United States
