Chief Information Security Officer (CISO)

Chief Information Security Officer (CISO)

Full-Time 70100 - 100000 £ / year (est.) Home office (partial)
B

At a Glance

  • Tasks: Lead global security initiatives and protect sensitive digital assets in a cutting-edge tech environment.
  • Company: Join Brahma AI, a leader in enterprise media technology and AI-driven solutions.
  • Benefits: Enjoy competitive salary, hybrid work options, and opportunities for global travel.
  • Other info: Be part of a dynamic team driving security as a commercial enabler in the AI era.
  • Why this job: Make a real impact by securing innovative technologies that shape the future of media.
  • Qualifications: 12+ years in information security with leadership experience in fast-paced tech environments.

The predicted salary is between 70100 - 100000 £ per year.

Description

Location: US (West or East Coast), UK, or Europe / Hybrid, with global travel across US, UK, UAE, and

  • India operations
  • Position Overview

Brahma AI is recruiting a highly technical, forward-thinking Chief Information Security Officer (CISO) to lead our global security, trust, and identity governance initiatives.

Brahma AI operates enterprise Media Asset Management (MAM) and AI-driven Digital Asset Management at global scale, managing over 100 million assets and 100 PB archives for some of the world’s largest organisations.

This is where our customers’ most valuable content lives, and where security is paramount.

Building on that foundation, our technology delivers high-fidelity, Hollywood-grade photorealistic digital humans (ATMAN) and multi- language voice synthesis (VAANI) for leading enterprises in healthcare, retail, sports, and entertainment, adding further complexity around sensitive source assets and identity governance.

This executive position works closely with the Chief Technology Officer (CTO), Chief Executive Officer (CEO), and the wider executive leadership team.

Overseeing our global security posture across engineering, product, and multi-cloud environments, the CISO will build automated, developer-enabling security architectures in place of traditional gate-heavy enterprise controls.

In this role, you will define our MLSec Ops strategy, govern zero-trust identity frameworks, guide global privacy compliance (including HIPAA, GDPR, and India’s DPDP Act), and establish the enterprise trust certifications that power our commercial growth.

This is a hands-on security leadership role first.

Brahma AI operates some of the most sensitive technology in the industry: highly realistic, photorealistic digital replicas of real people.

Protecting our models, our data, our infrastructure, and the likenesses entrusted to us is the job, and you will build and lead the global security organization to execute on it.

Trust, governance, and certification programs are how that protection becomes a commercial asset.

  • Core Strategic Objectives
  • Drive Security as a
  • Commercial

Enabler: Implement automated compliance and governance pipelines that accelerate product velocity and lower time-to-market for digital human solutions while upholding rigorous security standards.

  • Govern MLSec
  • Ops

Strategy: Architect and oversee the secure machine learning lifecycle from ingestion to serving, defining custom control frameworks for model registries, training data validation, and automated deployment pipelines.

  • Protect
  • Digital

Identities: Own the security of Brahma AI’s digital human technologies, covering likeness protection, misuse prevention, consent management, and content provenance.

  • Build
  • Enterprise

Trust: Lead Brahma AI’s trust and compliance posture across ISO/IEC 42001, SOC 2 Type 2, C2PA, and TPN, ensuring alignment with global regulatory frameworks including HIPAA, GDPR, and India’s DPDP Act.

Support customer security reviews and investor due diligence.

Harden Multi-Cloud & Enterprise

Environments: Maintain continuous posture monitoring and zero- trust perimeters across our multi-cloud footprint (AWS, GCP, and Azure) and physical facilities.

Define Identity & Access

Architecture: Enforce low-friction Identity and Access Management (IAM), Privileged Access Management (PAM), and automated secrets management across continuous delivery pipelines.

  • Technical and Operational Responsibilities
  • 1. Generative AI Security, MLSec Ops, and Content Protection
  • Oversee the design and maturation of the MLSec Ops architecture, establishing standards for automated gate controls, model registry signing, versioned data lineage, and pre-deployment adversarial testing.
  • Establish defenses against adversarial AI threats including prompt injection, model extraction, data and model poisoning, and misuse of generative APIs, validated through continuous AI red team exercises.
  • Drive the integration of content authenticity standards (C2PA) and media protection mechanisms, including forensic watermarking, DRM, and encryption, directly into core media pipelines.
  • Lead security and governance of digital human and synthetic media technologies: likeness protection, consent-driven identity registries for ATMAN digital likenesses (in partnership with Product and Legal), and authenticity controls.
  • Direct the evaluation and adoption of contemporary, AI-powered security tooling to continuously test, detect, monitor, and recover from software vulnerabilities.2.

Multi-Cloud, Infrastructure, and Application Security.

  • Establish continuous, automated security posture management across GCP, AWS, and Azure, prioritizing engineering self-remediation.
  • Define enterprise access governance, IAM policy, and zero-trust perimeters to prevent unauthorized access and ensure strict multi-tenant isolation.
  • Ensure automated, low-latency security scanning (SAST, DAST, container checks) is seamlessly integrated into CI/CD workflows without creating development bottlenecks.
  • Provide security policy oversight and governance for physical facilities, on-premise datacenters, and GPU infrastructure to maintain compliance with TPN and ISO standards.
  • 3. AI Governance, Risk Delegation, and Compliance
  • Lead the strategy to achieve and maintain primary certifications, specifically ISO/IEC 42001 and SOC 2 Type 2, while maintaining secondary certifications (TPN Gold Shield, ISO 27001).
  • In partnership with Legal and Product teams, guide organizational compliance for regulated client verticals, ensuring adherence to HIPAA, GDPR, India’s DPDP Act, and emerging global AI frameworks.
  • Operationalize a delegated risk management framework that enables business units to evaluate and accept operational risks within clear, automated governance guardrails.
  • Lead security due diligence for mergers, acquisitions, and strategic partnerships, and support investor and customer due diligence processes.
  • 4. Threat Operations, Incident Response, and Resilience
  • Oversee enterprise Incident Response (IR) playbooks covering data breaches, unauthorized access, identity spoofing, and synthetic media misuse.
  • Sponsor threat modelling and red team exercises targeting cloud perimeters, generative APIs, IAM, and biometric validation systems.
  • Maintain threat intelligence capabilities to proactively guard against external attacks and unauthorized misuse of Brahma AI models or digital identities.
  • Own business continuity and crisis management planning across cloud, on-premise, and production environments.
  • 5. Executive and Board Governance
  • Present cybersecurity and AI risk posture to the Board, executive leadership, investors, and enterprise customers.
  • Maintain enterprise cyber and AI risk registers, risk dashboards, and security scorecards that give leadership a clear, quantified view of posture and progress.

Experience and Qualifications

  • Professional Background
  • Minimum of 12 years of progressive experience in information security, including at least 4 years as a CISO or Head of Security within a fast-paced Saa S, AI-native, or advanced media technology organization.
  • Demonstrated experience building, scaling, and leading global security teams across regions and time zones, spanning security engineering, operations, and compliance functions.
  • Proven track record of building and executing automated security programs that support rapid code release cycles without introducing organizational friction.
  • Demonstrated experience achieving and maintaining SOC 2 Type 2, ISO/IEC 27001, and TPN certifications; experience leading an ISO/IEC 42001 implementation is a strong plus.
  • Proven experience governing security across hybrid, multi-cloud environments (AWS and GCP experience required; Azure and physical datacenter experience is beneficial).
  • Experience presenting security and risk posture to boards, investors, and enterprise customers.
  • Technical Skills and Knowledge
  • Deep expertise in identity governance, zero-trust architectures, IAM/PAM frameworks, and enterprise key management.
  • Strong understanding of media security technologies, including DRM, forensic watermarking, AES encryption, and digital signatures.
  • Strategic understanding of machine learning development pipelines, container orchestration, model registries, C2PA specifications, adversarial ML threats, and AI-driven security automation tools.
  • Comprehensive knowledge of global data privacy and security frameworks, including HIPAA, GDPR, India’s DPDP Act, and MPA Content Security Best Practices.

About BRAHMA AI

BRAHMA AI is the next generation of enterprise media technology formed through the integration of Prime Focus Technologies and Metaphysic.

By combining CLEAR®, CLEAR® AI, ATMAN, and VAANI into one ecosystem, BRAHMA AI enables enterprises to manage, create, and distribute content with intelligence, security, and efficiency.

Proven, scalable, and enterprise-tested, BRAHMA AI is helping global organizations accelerate growth, efficiency, and creative impact in the AI-powered era.

Chief Information Security Officer (CISO) employer: BRAHMA

Brahma AI is an exceptional employer that fosters a dynamic and innovative work culture, where employees are empowered to lead and grow within their roles. With a strong focus on cutting-edge technology and collaboration, the company offers ample opportunities for professional development, particularly in the rapidly evolving fields of AI and media technology. Located in a vibrant tech hub, Brahma AI provides a unique environment that encourages creativity and teamwork, making it an ideal place for those seeking meaningful and rewarding employment.

B

Contact Details:

BRAHMA Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Chief Information Security Officer (CISO)

Get Involved in the Cybersecurity Community

Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!

Show Off Your Skills with Capture the Flag Competitions

Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including BRAHMA, love seeing candidates who actively engage in these challenges.

Tailor Your Online Presence

Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!

Apply Directly Through BRAHMA

Don’t forget to head straight to our website and check out any openings for cybersecurity roles at BRAHMA. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.

We think you need these skills to ace Chief Information Security Officer (CISO)

Information Security Management
Zero-Trust Architecture
Identity and Access Management (IAM)
Privileged Access Management (PAM)
Compliance with HIPAA, GDPR, and India's DPDP Act
ISO/IEC 42001 Certification
SOC 2 Type 2 Certification

Some tips for your application 🫡

Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!

Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!

Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at BRAHMA insight into your practical problem-solving abilities and makes your application memorable.

Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to BRAHMA that you’re committed to staying ahead in the game.

How to prepare for a job interview at BRAHMA

Sharpen Your Technical Skills

For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.

Prepare for Scenario-Based Questions

Expect the interviewers at BRAHMA to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.

Highlight Your Certifications

Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at BRAHMA.

Show Your Passion for Cybersecurity

Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.