Role Overview
The CISO will be the strategic lead for safeguarding the integrity, confidentiality, and availability of data, systems, and operations across its global digital taxation platform. As a senior executive, the CISO will ensure that security is embedded in the architecture, products, operations, and deployment of services and solutions delivered to governments and digital service providers worldwide.
This is a high-visibility role: you will interact with national tax authorities, regulators, international stakeholders, and internal leadership to drive trust and resilience across all operations.
Key Responsibilities
Strategy & Vision
* Define and lead a global information security vision aligned with the mission to support fair and secure digital taxation across jurisdictions.
* Translate business objectives, regulatory frameworks, and threat landscapes into actionable security and risk strategies.
* Shape the security culture: champion awareness, training, and security-first thinking from engineering to client-facing teams.
Governance, Risk & Compliance
* Develop and maintain security policies, standards, and controls, tailored for cross jurisdictional compliance (e.g. GDPR, DORA, local tax/financial regulations).
* Lead periodic risk and security assessments (e.g. penetration testing, threat modeling, audit readiness) for all product modules (registration, returns, payment, analytics).
* Oversee third-party / vendor risk management, especially for integrations with government tax systems or external data sources.
* Serve as the principal liaison with regulators, audit bodies, and government clients on security posture, compliance audits, certifications, and assurance. Play a critical role in obtaining ISO and Security certifications for the business.
Security Architecture & Operations
* Oversee secure design, architecture, and deployment of Digital Infrastructure Products across cloud, hybrid and on-premise infrastructure.
* Ensure strong identity and access management, encryption (in transit and at rest), and cryptographic key management.
* Lead security operations functions: threat detection, incident response, forensic investigations, resiliency planning, and business continuity across geographies.
* Integrate security into development pipelines (DevSecOps), ensuring secure coding, automated checks, and security validation across modules.
Data Protection & Sovereignty
* Given the nature of taxpayer data, ensure strict data protection, anonymization, pseudonymization, and compliance with data sovereignty rules in each jurisdiction.
* Manage encryption, key ownership (ideally with governments or clients having master key control), and secure data lifecycle (ingestion → storage→ archival / deletion).
* Work closely with product, data engineering, and analytics teams to ensure that AI / machine learning components ingest and process data in a privacy-preserving, secure fashion.
Stakeholder & Board Engagement
* Regularly brief the CEO, executive leadership, and Board on security posture, risk exposure, mitigation plans, and strategic initiatives.
* Provide trusted security counsel to government clients, tax authorities, and partners, both pre-deployment and post-onboarding.
* Represent the business at relevant industry/ regulatory forums, conferences, and working groups on digital tax, fintech security, and cloud risk.
Implementation &Support
* Support client onboarding from a security lens, reviewing integration designs, API contracts, data exchange, and client-side infrastructure (where applicable).
* Oversee security assurance of integration points to government systems, existing tax / financial infrastructure, and third-party systems.
* Provide guidance and oversight to internal and government staff training, audits, and capability-building efforts.
Global Operations & Travel
* Because the business operates globally and integrates with client systems in multiple countries, expect periodic travel to client sites, government offices, industry events, and international regulatory forums.
* Lead cross-border coordination during security incidents or crisis scenarios, ensuring alignment across legal, regulatory, and local operations teams.
Skills& Experience
* Senior leadership experience (CISO or equivalent) in an environment serving governments, public sector, financial services, or regulated fintechs, ideally with global / cross-border exposure.
* In-depth knowledge of international regulatory frameworks (GDPR, DORA, local tax/ financial regulatory requirements, cross-border data transfer frameworks).
* Strong track record in securing cloud-native / hybrid systems, identity and access management, encryption & key management, threat detection, incident response, resilience, and secure development.
* Experience in data-sensitive environments, particularly dealing with personally identifiable data, government data, or regulated data flows.
* Awareness of AI / ML security considerations (adversarial risk, data leakage, model privacy) is highly desirable.
* Strong ability to communicate technical risk to non-technical stakeholders (executives, governments, regulators).
* Proven experience in vendor / third-party risk management, contract-level security negotiation, and audits.
* Relevant certifications (e.g. CISSP, CISM,CRISC, CCSP) or equivalent equivalent track record.
Personal Attributes
* Strategic yet pragmatic: able to see the big picture but also roll up sleeves when necessary.
* Collaborative across cultures and domains: able to engage with governmental, regulatory, technical, and business teams.
* High integrity, credible under scrutiny, and calm under pressure.
* Passion for public service, transparency, fairness, and the ethical dimension of technology.
* Comfortable as a public-facing spokesperson (for clients, regulatory bodies, forums).