Job Description:
Title: Chief Information Security Officer (CISO)
Location: Remote – USA
Reports to: Chief Technology Officer
The Role:
JD Power is seeking an enterprise-level security leader to serve as Chief Information Security Officer (CISO). As a member of the Technology Leadership Team, the CISO is the enterprise-wide owner of global cyber security, information risk, and resilience, providing strategic leadership across all regions to protect clients, systems, data, intellectual property, and brand reputation.
The CISO defines and executes the global security strategy, leads security operations and governance, ensures compliance with international regulations and standards, and acts as the organization's senior authority on cyber risk.
The Impact You Will Have in This Role:
As Chief Information Security Officer, you will be the driving force behind protecting JD Power’s clients, systems, data, and brand across every region. By defining and executing the global security strategy, maturing governance and security operations, and embedding a strong security culture, you will reduce enterprise risk while enabling the business to innovate and grow with confidence. You will serve as the organization's senior authority on cyber risk—providing the CTO, Operating Team, Board, regulators, and customers with assurance that security is a strategic enabler rather than a barrier.
What You’ll Be Doing in This Role:
Global Security Strategy & Leadership
Own Global Security Strategy: Define and own the global cyber security strategy, aligned to business objectives and risk appetite.
Advise Senior Leadership: Provide senior-level leadership and act as a trusted advisor to the CTO, Operating Team, Board Cybersecurity Committee, and senior leaders.
Lead Planning & Investment: Lead global planning, budgeting, capability development, and vendor strategy for all security domains.
Build a Security Culture: Promote a strong security culture across all regions, embedding secure behaviors and accountability.
Governance, Risk Management & Compliance
Operate the ISMS: Lead the design, implementation, operation, and continuous improvement of the Information Security Management System (ISMS) aligned to ISO 27001, SOC2, TISAX, and other relevant frameworks.
Manage Enterprise Risk: Oversee global risk management, including risk assessments, control selection, and enterprise risk reporting.
Compliance: Ensure compliance with global cyber security regulations and industry standards.
Maintain Policies & Standards: Lead the development and maintenance of global security policies, standards, and guidelines.
Govern Third-Party Risk: Oversee third-party and supply-chain security, including vendor assessments and due diligence.
Security Operations, Threat Management & Incident Response
Lead Security Operations: Lead global Security Operations (SecOps), including monitoring, detection, threat intelligence, and vulnerability management.
Mature CSIRT/CSOC Capabilities: Establish and mature global CSIRT/CSOC capabilities, ensuring 24/7 coverage where required.
Command Major Incidents: Act as executive incident commander for major cyber events, ensuring effective response, communication, and recovery.
Drive Continuous Improvement: Maintain incident playbooks, escalation paths, and post-incident reviews to drive continuous improvement.
Cloud, Application & Product Security
Define Secure Architecture: Define and oversee secure architecture, cloud security standards, and identity & access management (IAM).
Embed Security in the SDLC: Embed security into the software development lifecycle (SDLC), including secure coding, DevSecOps, and product security reviews.
Partner with Engineering: Partner with Engineering and Technology teams to ensure secure design, encryption, and access controls across all platforms.
Regulatory, Customer & External Engagement
Represent Security Externally: Act as the senior representative for cyber security with regulators, auditors, customers, and partners.
Manage Security Assessments: Oversee responses to customer and partner security assessments and due-diligence requests.
Track Regulatory Change: Monitor global regulatory developments and translate them into actionable controls and programs.
People Leadership & Organizational Development
Lead Global Teams: Lead and develop global teams across security operations, governance, risk, compliance, and resilience.
Build Organizational Capability: Build organizational capability, succession planning, and specialist talent pipelines.
Foster High Performance: Foster a collaborative, high-performance culture across regions and functions.
Qualifications of this Role:
10+ years of experience in information security and cybersecurity, with at least 5+ years in a senior leadership role.
Proven track record of incident response leadership and crisis management.
Relevant certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor.
Experience leading large-scale enterprise security programs and managing global teams, including leaders of leaders.
Strong knowledge of modern enterprise security practices, including identity and access management, cloud security, endpoint security, DevSecOps, threat detection, and vulnerability management.
Understanding of emerging AI security risks and controls, including securing AI-enabled workflows and enterprise AI platforms.
Experience securing modern cloud and development environments across platforms such as AWS, Azure, or GCP.
Familiarity with modern security frameworks and standards such as NIST, ISO 27001, PCI, or OWASP.
Demonstrated ability to communicate complex security topics to executive leadership and nontechnical stakeholders.
Experience with risk management, compliance, and regulatory requirements relevant to enterprise software companies.
Strong business acumen, particularly in aligning security investments with financial and operational priorities.
This position has a starting salary range of $250,000 - $275,000 USD per year. This is the range we reasonably and in good faith expect to pay for the role at the time of posting. An employee’s pay within the range is determined by a number of factors, including relevant skills, education, qualifications, experience, performance, business or organizational needs, and geographic location.
Company Mission
Our mission in the market we serve is clear. To power every auto-related decision through proprietary data, advanced analytics, deep industry expertise, and seamless workflows that connect insight to action.
Our Values
We POWER Our Customer's Success
We are Innovative, Collaborative and Grounded in Data
We Make Things Easy
We Get It Done
We Start with Trust & Prove it Everyday
JD Power is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, or disability.
Should you require accommodations during the recruitment and selection process, please reach out to tarecruitment@jdpa.com.
JD Power does not disclose your personal data to unauthorized third parties. However, as a global corporation consisting of multiple affiliated companies in various countries, JD Power has international sites and JD Power uses resources located throughout the world. JD Power may from time to time also use third parties to act on JD Power’s behalf. You agree to the fact that to the extent necessary your personal data may be transferred and/or disclosed to any company within JD Power group of companies as well as to third parties acting on JD Power’s behalf, including also transfers to servers and databases outside the country where you provided JD Power with your personal data. Such transfers may include for example transfers and/or disclosures outside the European Economic Area and in the United States of America. If you are a California or United Kingdom resident, additional disclosures about the information we collect and how we use that information can be found by clicking here.
To all recruitment agencies: JD Power does not accept unsolicited agency resumes and we are not responsible for any fees related to unsolicited resumes.