Chief Information Security Officer

Summary

Join Xsolla as their Chief Information Security Officer (CISO) to lead and scale their global information security and compliance strategy. As CISO, you will safeguard products, platforms, infrastructure, and customer data across all regions. This strategic leadership role requires collaboration with executive leadership, engineering, legal, compliance, and product teams. Your mission is to align Xsolla’s security and compliance posture with its business objectives, ensuring world-class protection while enabling innovation and operational agility. You will report directly to the CTO. This role offers a significant opportunity to shape the security landscape of a global gaming company.

Requirements

• 10+ years of progressive leadership experience in cybersecurity and compliance, ideally in SaaS or enterprise technology environments
• Deep expertise in cloud-native security (AWS/GCP), application security, data protection, and risk management
• Direct experience managing compliance programs across multiple frameworks (PCI DSS, SOC 1/2, GDPR, ISO 27001, etc.)
• Proven ability to scale security programs globally while aligning with business and product objectives
• Strong communication and executive reporting skills
• Experience leading secure development and DevSecOps practices in high-growth environments

Responsibilities

• Define, drive, and continuously evolve Xsolla’s enterprise-wide information security and compliance strategy
• Serve as the primary executive owner of cybersecurity risk management and cybersecurity incident response
• Advise the executive team on security risks, priorities, and investment decisions
• Align security initiatives with company objectives, regulatory requirements, and customer trust commitments
• Build, lead, and mentor a world-class security organization, including security operations, application security, and GRC (governance, risk & compliance)
• Promote a culture of security-first thinking across all levels of the organization
• Oversee security for private and public cloud infrastructure (AWS/GCP), SaaS applications, corporate IT, and development environments
• Embed secure development practices into SDLC, CI/CD pipelines, DevSecOps, and infrastructure-as-code
• Lead proactive threat modeling, secure code reviews, vulnerability management, and threat detection initiatives
• Ensure a robust and tested incident response and disaster recovery framework
• Own Xsolla’s compliance programs, including PCI DSS, SOC 1, SOC 2, GDPR, CCPA, and other applicable frameworks and regulations
• Lead regular audits, risk assessments, and gap analyses to ensure ongoing compliance
• Collaborate with Legal, IT, and external auditors to ensure policies and procedures align with evolving regulatory and industry requirements
• Establish a company-wide risk management framework to identify, assess, mitigate, and monitor cybersecurity and compliance risks
• Evaluate, implement, and manage security and compliance tooling across infrastructure, endpoints, and applications
• Engage and manage third-party vendors for audits, penetration testing, threat intelligence, and managed services
• Standardize scalable processes for vulnerability remediation and compliance monitoring
• Translate security and compliance risks into business terms and effectively communicate them to executive leadership and stakeholders
• Deliver regular reports, metrics, and board-level updates on security posture, risk, and compliance

Preferred Qualifications

• Experience in the gaming industry, fintech, or B2B platform services
• Familiarity with tools such as Palo Alto Networks, Google Cloud Security Command Center (SCC), AWS Security Hub / AWS GuardDuty, or other cloud and code security platforms
• Professional certifications: CISSP, CISM, CCSP, CISA, or similar
• Deep understanding of global data privacy regulations and cross-border data handling

Benefits

• 100% company-paid medical, dental, and vision plans
• Unlimited Flexible Time Off
• Personalized career roadmap for each employee
• Professional development through training and educational opportunities