Vice President Information Security

Join to apply for the Vice President Information Security role at CarltonOne CarltonOne is a global B2B technology leader, part of the Goldman Sachs portfolio, helping organizations worldwide reward and inspire exceptional people. Our solutions empower employees to be more productive, sales teams to perform at their best, and customers to stay engaged and loyal. Our platform powers the global engagement industry, enabling companies to deliver impactful employee recognition, customer loyalty, rewards, sales, and channel incentive programs. We partner with over 450 clients, 500 vendors, and serve 14 million members across 185 countries. Beyond engagement, every CarltonOne solution drives our eco-action mission: funding tree planting to help restore the planet. To date, we’ve funded over 20 million trees and are on track to plant millions more each year. About the Opportunity CarltonOne is seeking a Vice President, Information Security & Cyber Risk to define, scale, and operationalize our global security strategy. This executive will own the company’s security vision across IT Security, Application Security, Information Security, and Cyber Risk — ensuring that trust, resilience, and regulatory compliance are at the core of everything we build. You’ll be responsible for setting the strategic direction for security, building a best-in-class security program, and leading a team that protects our global technology ecosystem, customer data, and intellectual property. This is a transformational leadership role with a mandate to mature security practices, align with global regulatory standards, and support CarltonOne’s continued growth at scale. Responsibilities Strategic Security Leadership Define and execute CarltonOne’s enterprise security strategy across information security, application security, and cyber risk. Serve as the executive authority on security posture, providing clear and actionable recommendations to the CTO and other senior executives. Establish and evolve security governance frameworks, ensuring alignment with global regulatory requirements and industry best practices. Build a culture of security awareness across the organization through executive engagement, training programs, and clear communication. Application & Information Security Lead the strategy and implementation of secure software development practices (SSDLC), embedding security from ideation through deployment. Partner closely with Engineering and Product teams to integrate security tooling, threat modeling, vulnerability management, and code analysis throughout the development lifecycle. Own the protection of CarltonOne’s data and information assets, including data classification, access controls, encryption standards, and incident response frameworks. Drive periodic application security assessments, penetration testing, and red team exercises to proactively identify and mitigate risks. Develop and implement cloud security strategies as CarltonOne migrates to cloud environments. Ensure secure architecture, identity management, and compliance for cloud-based services and infrastructure. Collaborate with engineering teams to embed cloud security best practices into design and deployment. Oversee enterprise cyber risk management programs — identifying, assessing, prioritizing, and mitigating risks across infrastructure, applications, and third parties. Develop and maintain risk registers, metrics, and executive dashboards to inform decision-making at the highest levels. Ensure compliance with relevant standards and regulations, including SOC 2, ISO 27001, PCI-DSS, GDPR, and other international privacy and security frameworks. Lead security audits and certification processes, ensuring successful completion with minimal operational friction. Establish and maintain world-class incident response and business continuity programs, ensuring rapid detection, response, and recovery from cyber threats. Oversee 24/7 security operations, including monitoring, threat intelligence, detection engineering, and vulnerability response. Serve as executive lead during security incidents, coordinating communications, investigations, and post-incident reviews. AI & Data Governance Define and enforce governance policies for AI systems and data usage, ensuring ethical, secure, and compliant practices across all AI-driven initiatives. Collaborate with product and engineering teams to integrate AI risk management into development lifecycles. Establish frameworks for responsible AI, data privacy, and transparency in alignment with global standards. Leadership & Team Development Build, mentor, and lead a high‑performing global security team spanning information security, application security, and risk functions. Foster a culture of accountability, collaboration, and continuous improvement. Drive measurable operational excellence through KPIs, maturity models, and executive reporting. Qualifications 12+ years of progressive experience in information security, including at least 5 years in senior leadership roles (CISO, VP, or equivalent) within a SaaS or high‑growth technology environment. Deep expertise across information security domains, including secure application development, threat detection, data protection, governance, risk, and compliance. Proven track record building and maturing security programs at scale — including governance frameworks, SSDLC practices, and risk management methodologies. Strong understanding of security and privacy regulatory frameworks (SOC 2, ISO 27001, PCI‑DSS, GDPR, CCPA, etc.). Exceptional communication skills with the ability to influence executive stakeholders and translate technical risks into business impact. Experience leading audits, certifications, and regulatory interactions. Professional certifications such as CISSP, CISM, CISA, CCSP, or equivalent strongly preferred. Benefits Competitive salary and benefits package. Health, dental, and vision coverage. Access to employee benefits portal for exclusive discounts. Monthly company‑wide events, celebrations, and team activities. Bravo reward points program for recognition and appreciation. Convenient office location close to public transit. How to Apply If this great opportunity looks rewarding to you, let’s connect. Our online application will give you the option to apply to this role directly. Diversity & Inclusion We value diversity and inclusion and encourage all qualified people to apply. If we can make this easier through accommodation in the recruitment process, or if you need assistance to accommodate a disability, please contact us with the “Help” button in the application. We will review applications, with priority given to those who have completed the assessment, and look forward to hearing from you. Seniority level Executive Employment type Full‑time Job function Information Technology Industries IT Services and IT Consulting #J-18808-Ljbffr