The hiring company is looking for a strategic and hands-on Chief Information Security Officer (CISO) to build their security posture from the ground up and instill a culture of security by design for the growth of their cutting-edge SaaS platform.
About the job.
As the first CISO, you will be the architect of the security vision. You will not just be a policy maker but a builder, responsible for securing our AI models, cloud infrastructure, and customer data. You will balance the need for speed and innovation with the necessity of rigorous compliance and risk management. This is a unique opportunity to define what "AI Security" looks like in a modern tech stack.
- Design, implement, and maintain a comprehensive information security program roadmap aligned with business objectives.
- Conduct regular risk assessments, threat modeling, and vulnerability scans to identify and mitigate risks to our AI models and SaaS infrastructure.
- Lead the charge on achieving and maintaining critical certifications (SOC 2 Type II, ISO 27001, GDPR, CCPA, HIPAA, etc.) relevant to our market.
- Manage third-party risk by vetting vendors, partners, and AI/LLM providers.
- Develop strategies to protect our proprietary AI models against adversarial attacks (e.g., prompt injection, model inversion, data poisoning).
- Embed security into the SDLC (Software Development Life Cycle) and CI/CD pipelines. Ensure "Security by Design" principles are applied to all new features.
- Oversee data governance strategies to ensure the ethical and secure handling of training data and user inputs.
- Harden our cloud environment (AWS/GCP/Azure), implementing best practices for IAM, network security, and container security (Kubernetes/Docker).
- Establish a 24/7 incident response plan. Lead the team through simulations (tabletop exercises) and real-world security incidents.
- Oversee internal security protocols, including Zero Trust architecture, MDM, and access controls for a distributed/remote workforce.
Skills & experience required.
- 10+ years in information security, with at least 3+ years in a leadership role (Director/VP/CISO) at a SaaS or technology company.
- Deep understanding of the specific security challenges facing Generative AI and LLMs (Large Language Models).
- Hands-on experience with cloud-native security tools, API security, and modern DevSecOps practices. You should be comfortable reading code and architecture diagrams.
- Proven track record of leading a startup through its first SOC 2 or ISO 27001 audit.
- You are comfortable working in a startup environment where you need to roll up your sleeves and build processes from scratch, rather than just managing existing ones.
- Experience with privacy-preserving technologies (e.g., Differential Privacy, Federated Learning).
- Relevant certifications: CISSP, CISM, CCSP, or OSCP.
If you’re interested in this exciting opportunity, please don’t delay and click APPLY NOW. For more information, you can reach out to Wendy Fung at wendy.fung@randstad.com.hk with your resume.