Regional Security Officer

Our Client is a fast-growing, international product company building its own SaaS platform for enterprise customers across multiple markets. Security and data protection are not support functions here — they are strategic, board-level priorities. We are looking for an experienced Group CISO / DPO who will own and execute the global information security and data protection strategy, working closely with the Board, executive leadership, and key stakeholders across the organization. This role has a direct impact on product strategy, technology direction, compliance posture, and long-term customer trust. 🧭 Your responsibilities • Own and execute the group-wide information security and data protection strategy across all subsidiaries • Define, implement and maintain security and privacy governance in a multi-entity, international setup • Act as a strategic advisor to the Board and executive leadership on cyber risk, compliance, and security investments • Lead cyber defense operations, including SOC, incident response, threat intelligence, and crisis management • Own and continuously improve Business Continuity and Disaster Recovery frameworks • Oversee GDPR, NIS2 and global privacy compliance, acting as the official Data Protection Officer (DPO) • Drive risk assessments, DPIAs, penetration testing and vulnerability remediation programs • Ensure security-by-design and privacy-by-design across products, platforms, and technology • Own compliance with ISO 27001, SOC 2, PCI DSS and client security assurance processes (RFPs, audits, due diligence) • Build and promote a security-first and privacy-first culture across Product, Engineering, Legal, HR, and Operations • Lead and mentor security and privacy teams and coordinate local security champions across regions 🧠 Your profile • 10+ years of experience in senior information security roles, including 5+ years as CISO, Security Officer, DPO or equivalent • Proven experience in SaaS or product-driven technology organizations • Strong, hands-on expertise in GDPR and global privacy regulations; formal DPO experience is a strong asset • Deep knowledge of ISO 27001, SOC 2, PCI DSS, NIS2 and related security frameworks • Solid background in cloud security (Azure and/or AWS, Kubernetes, CI/CD pipelines) • Practical experience with risk management, incident response, DPIAs and crisis management • Experience working in international, multi-entity organizations • Excellent communication skills and confidence working with Board members, C-level executives, regulators and enterprise clients • Relevant certifications are highly valued (e.g. CISSP, CISM, CISA, CCISO, CIPP/E, CIPM) • Fluent English is required; German or French is a strong plus 🚀 Why this role? • Real influence on product strategy, technology and business growth • Security and data protection with true board-level visibility • International scope and high-impact decision-making • Opportunity to shape long-term security and privacy maturity in a growing SaaS organization TQLO Sp. z o.o. – Employment Agency (KRAZ No. 33580)