Chief Information Security Officer (Remote)

Chief Information Security Officer (CISO)

We believe in the power and joy of learning. At Cengage Group, our employees have a direct impact in helping students around the world discover the power and joy of learning. We are bonded by our shared purpose driving innovation that helps millions of learners improve their lives and achieve their dreams through education. Our culture values inclusion, engagement, and discovery. Our business is driven by our strong culture, and we know that creating an inclusive workplace is absolutely essential to the success of our company and our learners, as well as our individual well-being. We recognize the value of diverse perspectives in everything we do, and strive to ensure employees of all levels and backgrounds feel empowered to voice their ideas and bring their authentic selves to work. We achieve these priorities through programs, benefits, and initiatives that are integrated into the fabric of how we work every day. To learn more, please see Cengage Group's Inclusion and Belonging .

The Chief Information Security Officer (CISO) is a senior technology executive accountable for protecting Cengage Group's digital assets, data confidentiality, and technology infrastructure from cyber threats while ensuring compliance with regulatory requirements. This leader defines and delivers the enterprise information security strategy, building a robust and resilient security posture that enables business innovation while mitigating risk. The CISO combines deep technical expertise with executive leadership, shaping the company's security vision while driving excellence in security operations, risk management, and governance. This role balances strategic vision, business partnership, and organizational influence to ensure security becomes an enabler of digital transformation rather than a barrier to progress. As a critical member of the IT leadership team, reporting to the CIO, this role serves as the primary authority on cybersecurity matters and partners closely with business leaders, legal, compliance, and the board to align security investments with enterprise priorities and risk appetite.

Key Responsibilities

Enterprise Security Strategy & Risk Leadership

Define and deliver the enterprise information security strategy, aligned with business priorities, digital transformation initiatives, and the company's risk tolerance in a PE-backed environment preparing for liquidity events.

• Lead the development and implementation of comprehensive security programs encompassing cyber defense, data protection, identity and access management, security operations, and threat intelligence.
• Conduct enterprise-wide risk assessments, identify vulnerabilities across the technology estate, and prioritize remediation efforts to reduce risk exposure while enabling business agility.
• Serve as the primary cybersecurity advisor to the CIO, executive leadership team, and board of directors, translating technical risks into business impact and providing strategic recommendations on security investments.
• Drive security architecture decisions that balance protection with performance, cost efficiency, and user experience across cloud, on-premises, and hybrid environments.

Cyber Defense & Security Operations

Governance, Compliance & Data Protection

Ensure compliance with industry standards, regulatory requirements, and data protection laws including GDPR, CCPA, FERPA, SOC 2, ISO 27001, and other relevant frameworks for the education technology sector.

Business Partnership & Security Enablement

Serve as a trusted partner to business executives, ensuring security investments and controls enable business innovation while appropriately managing risk.

Leadership & Talent Development

Qualifications

15+ years of progressive leadership in information security, cybersecurity, or risk management, with 5+ years in senior director, VP, or CISO roles. Proven track record developing and implementing enterprise security programs in global, complex organizations, preferably in education technology, SaaS, or regulated industries. Extensive knowledge of information security principles, cybersecurity frameworks (NIST, ISO 27001, CIS Controls), and risk management practices with demonstrable success reducing organizational risk. Deep expertise in security technologies including firewalls, intrusion detection / prevention systems, SIEMs, identity and access management (IAM), cloud security platforms, and encryption protocols. Solid understanding of data privacy regulations (GDPR, CCPA, FERPA) and compliance requirements with experience managing audits and regulatory relationships. Experience securing cloud infrastructure (AWS, Azure, GCP) and implementing cloud-native security architectures in multi-cloud and hybrid environments. Demonstrated ability to lead incident response programs, manage security breaches, and coordinate with legal, communications, and executive teams during crisis situations. Exceptional leadership skills with a history of developing high-performing, distributed security teams across multiple disciplines and geographies. Strong business sense and communication skills, with the ability to influence C-suite leaders and board members by translating technical security concepts into business risk and value propositions. Experience working in PE-backed technology companies preferred, with understanding of security requirements for M&A due diligence, integration, and preparing for liquidity events. Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent strongly preferred. Familiarity with DevSecOps practices, secure software development, ethical hacking, and penetration testing techniques valued. Understanding of artificial intelligence and machine learning applications in security, including emerging threats and defensive capabilities in AI-powered systems.

Cengage Group is committed to working with broad talent pools to attract and hire strong and most qualified individuals. Our job applicants are considered regardless of race, national origin, religion, sex, sexual orientation, genetic information, disability, age, veteran status, and any other classification protected by applicable federal, state, provincial or local laws. Cengage is also committed to providing reasonable accommodations for qualified individuals with disabilities including during our job application process. If you are an applicant with a disability and require reasonable accommodation in our job application process, please contact us at accomodations.ta@cengage.com or at +1 (617) 289-7917.

About Cengage Group

Cengage Group, a global education technology company serving millions of learners, provides affordable, quality digital products and services that equip students with the skills and competencies needed to be job ready. For more than 100 years, we have enabled the power and joy of learning with trusted, engaging content, and now, integrated digital platforms.

#J-18808-Ljbffr