Chief Information Security Officer (CISO)

Job Type: Location Type: Remote: open to residents of specific US states

 

Job Requirements

Who We Are:

Quest Global delivers world-class end-to-end engineering solutions by leveraging our deep industry knowledge and digital expertise. By bringing together technologies and industries, alongside the contributions of diverse individuals and their areas of expertise, we are able to solve problems better, faster. This multi-dimensional approach enables us to solve the most critical and large-scale challenges across the aerospace & defense, automotive, energy, hi-tech, healthcare, medical devices, rail and semiconductor industries.

We are looking for humble geniuses, who believe that engineering has the potential to make the impossible possible; innovators, who are not only inspired by technology and innovation, but also perpetually driven to design, develop, and test as a trusted partner for Fortune 500 customers. As a team of remarkably diverse engineers, we recognize that what we are really engineering is a brighter future for us all. If you want to contribute to meaningful work and be part of an organization that truly believes when you win, we all win, and when you fail, we all learn, then we’re eager to hear from you.

The achievers and courageous challenge-crushers we seek, have the following characteristics and skills:

Overview:

We are seeking an experienced Chief Information Security Officer (CISO) to lead data privacy, compliance, and cybersecurity initiatives.

The CISO will ensure our adherence to global data protection regulations (e.g., GDPR, CCPA, HIPAA, DFAR, CMMC) while implementing robust security frameworks (ISO 27001, NIST, SOC 2).

This role will also be responsible for our Data Privacy Management Platform, ensuring secure and compliant data handling across digital platforms, customer data systems, and marketing technologies.

The ideal candidate has deep expertise in data governance, access controls, privacy impact assessments (PIAs), and third-party risk management.

They will lead our efforts in integrating privacy-by-design principles into software development, ensuring that security and compliance are embedded across all business operations.

Work Experience

Responsibilities:

• Oversee and manage our Data Privacy Management Platform, ensuring compliance with privacy laws and security best practices.
• Develop and enforce privacy and security policies for our customer data platforms (CDPs), identity management systems, and digital marketing technologies.
• Ensure compliance with GDPR, CCPA, HIPAA, and other global privacy frameworks, working closely with Legal, IT, and Marketing teams.
• Lead incident response, breach management, and regulatory reporting, ensuring adherence to data breach notification laws.
• Conduct privacy impact assessments (PIAs) and risk assessments for new technologies and data initiatives.
• Secure engineering processes and the software development lifecycle by implementing security measures such as code review, vulnerability testing, security education, and establishing DevSecOps practices.
• Oversee third-party Information Security risk management, ensuring vendor compliance with our security and privacy requirements.
• Lead security awareness and training programs for employees, contractors, and partners.
• Regularly report on security risks, compliance status, and emerging threats.
• Work with Customer’s affiliates leadership on enterprise-wide security policies and data privacy management solutions.

Qualifications:

Education and Experience:

• Bachelor’s Degree required
• 12+ years of experience in information security, privacy, and compliance leadership roles.

Required Skills:

• Expert knowledge of global data protection regulations (e.g., GDPR, CCPA, HIPAA, DFAR, CMMC) and how to operationalize compliance through policies, access controls, and technology.
• Experience managing Data Privacy Management Platforms and implementing privacy frameworks such as ISO 27701 (Privacy Information Management System), NIST Privacy Framework, and SOC 2 Privacy Criteria.
• Strong background in data governance, consent management, and privacy-by-design principles for digital platforms.
• Technical expertise in encryption, identity & access management (IAM), secure software development (DevSecOps), and cloud security.
• Experience leading cybersecurity risk assessments, vulnerability management, and incident response programs.
• Ability to collaborate across IT, Legal, Compliance, and Business teams to align privacy and security initiatives with organizational goals.
• Exceptional communication and leadership skills, with the ability to engage executive stakeholders and drive security awareness.
• Relevant certifications such as CISSP, CISM, CIPP (US/EU), CRISC, or ISO 27001 Lead Implementer are preferred.
• High-level of commitment to a quality work product and organizational ethics, integrity and compliance
• Ability to work effectively in a fast paced, team environment
• Strong interpersonal skills and the ability to effectively communicate, both verbally and in writing
• Demonstrated decision making and problem-solving skills
• High attention to detail with the ability to multi-task and meet deadlines with minimal supervision

Good to Have:

• Excellent written: oral communication skills between English and Japanese

Work Type-Part Time

Full remote available. However, it is not assumed to be full-time, but may be a few hours per week(part time)

Note : Candidates presented for this role must be authorized to work in the United States, with valid work visa