Job Description

ABOUT YOU

Xsolla is seeking an experienced and visionary Chief Information Security Officer (CISO) to lead and scale our global information security and compliance strategy . As CISO , you will be responsible for safeguarding our products, platforms, infrastructure, and customer data across all regions . This is a strategic leadership role, essential to maintaining the trust of our partners and users as we grow and innovate in the global gaming ecosystem .

You will report directly to the CTO and work cross-functionally with executive leadership, engineering, legal, compliance, and product teams . Your mission is to align Xsolla’s security and compliance posture with its business objectives, ensuring world-class protection while enabling innovation and operational agility .

• Define, drive, and continuously evolve Xsolla’s enterprise-wide information security and compliance strategy.
• Serve as the primary executive owner of cybersecurity risk management and cybersecurity incident response.
• Advise the executive team on security risks, priorities, and investment decisions.
• Align security initiatives with company objectives, regulatory requirements, and customer trust commitments.
• Build, lead, and mentor a world-class security organization, including security operations, application security, and GRC (governance, risk & compliance).
• Promote a culture of security-first thinking across all levels of the organization.
• Oversee security for private and public cloud infrastructure (AWS/GCP), SaaS applications, corporate IT, and development environments.
• Embed secure development practices into SDLC, CI/CD pipelines, DevSecOps, and infrastructure-as-code.
• Lead proactive threat modeling, secure code reviews, vulnerability management, and threat detection initiatives.
• Ensure a robust and tested incident response and disaster recovery framework.
• Own Xsolla’s compliance programs, including PCI DSS, SOC 1, SOC 2, GDPR, CCPA, and other applicable frameworks and regulations.
• Lead regular audits, risk assessments, and gap analyses to ensure ongoing compliance.
• Collaborate with Legal, IT, and external auditors to ensure policies and procedures align with evolving regulatory and industry requirements.
• Establish a company-wide risk management framework to identify, assess, mitigate, and monitor cybersecurity and compliance risks.
• Evaluate, implement, and manage security and compliance tooling across infrastructure, endpoints, and applications.
• Engage and manage third-party vendors for audits, penetration testing, threat intelligence, and managed services.
• Standardize scalable processes for vulnerability remediation and compliance monitoring.
• Translate security and compliance risks into business terms and effectively communicate them to executive leadership and stakeholders.
• Deliver regular reports, metrics, and board-level updates on security posture, risk, and compliance.

• 10+ years of progressive leadership experience in cybersecurity and compliance, ideally in SaaS or enterprise technology environments.
• Deep expertise in cloud-native security (AWS/GCP), application security, data protection, and risk management.
• Direct experience managing compliance programs across multiple frameworks (PCI DSS, SOC 1/2, GDPR, ISO 27001, etc.).
• Proven ability to scale security programs globally while aligning with business and product objectives.
• Strong communication and executive reporting skills.
• Experience leading secure development and DevSecOps practices in high-growth environments.

• Experience in the gaming industry, fintech, or B2B platform services.
• Familiarity with tools such as Palo Alto Networks, Google Cloud Security Command Center (SCC), AWS Security Hub / AWS GuardDuty, or other cloud and code security platforms.
• Professional certifications: CISSP, CISM, CCSP, CISA, or similar.
• Deep understanding of global data privacy regulations and cross-border data handling.

Job Tags

Similar Jobs