Ciso Opportunity At Cengage Group
We believe in the power and joy of learning. At Cengage Group, our employees have a direct impact in helping students around the world discover the power and joy of learning. We are bonded by our shared purpose driving innovation that helps millions of learners improve their lives and achieve their dreams through education. Our culture values inclusion, engagement, and discovery. Our business is driven by our strong culture, and we know that creating an inclusive workplace is absolutely essential to the success of our company and our learners, as well as our individual well-being. We recognize the value of diverse perspectives in everything we do, and strive to ensure employees of all levels and backgrounds feel empowered to voice their ideas and bring their authentic selves to work. We achieve these priorities through programs, benefits, and initiatives that are integrated into the fabric of how we work every day.
The Chief Information Security Officer (CISO) is a senior technology executive accountable for protecting Cengage Group's digital assets, data confidentiality, and technology infrastructure from cyber threats while ensuring compliance with regulatory requirements. This leader defines and delivers the enterprise information security strategy, building a robust and resilient security posture that enables business innovation while mitigating risk. The CISO combines deep technical expertise with executive leadership, shaping the company's security vision while driving excellence in security operations, risk management, and governance. This role balances strategic vision, business partnership, and organizational influence to ensure security becomes an enabler of digital transformation rather than a barrier to progress. As a critical member of the IT leadership team, reporting to the CIO, this role serves as the primary authority on cybersecurity matters and partners closely with business leaders, legal, compliance, and the board to align security investments with enterprise priorities and risk appetite.
Key Responsibilities
- Enterprise Security Strategy & Risk Leadership
Define and deliver the enterprise information security strategy, aligned with business priorities, digital transformation initiatives, and the company's risk tolerance in a PE-backed environment preparing for liquidity events.
Lead the development and implementation of comprehensive security programs encompassing cyber defense, data protection, identity and access management, security operations, and threat intelligence.Conduct enterprise-wide risk assessments, identify vulnerabilities across the technology estate, and prioritize remediation efforts to reduce risk exposure while enabling business agility.Serve as the primary cybersecurity advisor to the CIO, executive leadership team, and board of directors, translating technical risks into business impact and providing strategic recommendations on security investments.Drive security architecture decisions that balance protection with performance, cost efficiency, and user experience across cloud, on-premises, and hybrid environments.Cyber Defense & Security OperationsOversee security incident detection, response, and recovery programs, ensuring swift identification and mitigation of potential breaches with minimal business disruption.
Manage the security architecture, tools, and technologies deployed across the organization's IT infrastructure, including firewalls, intrusion detection / prevention systems, SIEMs, endpoint protection, and encryption protocols.Lead security operations center (SOC), threat hunting capabilities, and vulnerability management programs that proactively identify and remediate security weaknesses.Develop and maintain incident response playbooks, disaster recovery plans, and business continuity protocols that ensure organizational resilience against emerging threats.Monitor security metrics, threat landscape trends, and attack patterns to continuously evolve defensive capabilities and inform executive decision-making on security posture.Governance, Compliance & Data ProtectionEnsure compliance with industry standards, regulatory requirements, and data protection laws including GDPR, CCPA, FERPA, SOC 2, ISO 27001, and other relevant frameworks for the education technology sector.
Coordinate with legal, compliance, privacy, and regulatory teams to maintain certifications, manage audits, and respond to regulatory inquiries with appropriate documentation and evidence.Develop and enforce security policies, procedures, standards, and protocols that align with business goals, regulatory obligations, and industry guidelines.Be responsible for data classification, data loss prevention (DLP), and privacy programs that protect sensitive student, employee, and company information across all systems and geographies.Manage security audits, compliance assessments, and third-party risk evaluations, ensuring vendors and partners meet security requirements and contractual obligations.Business Partnership & Security EnablementServe as a trusted partner to business executives, ensuring security investments and controls enable business innovation while appropriately managing risk.
Collaborate with product, engineering, and DevOps teams to integrate security measures into software development lifecycles through DevSecOps practices and secure-by-design principles.Partner with IT leadership on technology modernization initiatives including cloud migration, digital transformation, and AI / ML adoption, ensuring security is embedded from inception.Communicate security value and risk posture at the executive and board levels, linking security investments to business outcomes including revenue protection, regulatory compliance, and competitive differentiation.Champion security awareness and cultural transformation across the enterprise, promoting shared responsibility for security rather than viewing it as solely an IT function.Leadership & Talent DevelopmentLead and inspire a global security team including security architects, security engineers, SOC analysts, governance / risk / compliance specialists, and security operations professionals.
Establish career pathways, competencies, and training programs that elevate security capability and develop next-generation cybersecurity leaders.Champion a culture of accountability, collaboration, continuous learning, and innovation within the security organization.Act as an executive sponsor for security awareness training programs for employees at all levels, promoting a culture of cybersecurity across the organization.Build strategic relationships with peer CISOs, industry groups, law enforcement, and threat intelligence communities to stay ahead of emerging threats and share best practices.Qualifications
15+ years of progressive leadership in information security, cybersecurity, or risk management, with 5+ years in senior director, VP, or CISO roles.Proven track record developing and implementing enterprise security programs in global, complex organizations, preferably in education technology, SaaS, or regulated industries.Extensive knowledge of information security principles, cybersecurity frameworks (NIST, ISO 27001, CIS Controls), and risk management practices with demonstrable success reducing organizational risk.Deep expertise in security technologies including firewalls, intrusion detection / prevention systems, SIEMs, identity and access management (IAM), cloud security platforms, and encryption protocols.Solid understanding of data privacy regulations (GDPR, CCPA, FERPA) and compliance requirements with experience managing audits and regulatory relationships.Experience securing cloud infrastructure (AWS, Azure, GCP) and implementing cloud-native security architectures in multi-cloud and hybrid environments.Demonstrated ability to lead incident response programs, manage security breaches, and coordinate with legal, communications, and executive teams during crisis situations.Exceptional leadership skills with a history of developing high-performing, distributed security teams across multiple disciplines and geographies.Strong business sense and communication skills, with the ability to influence C-suite leaders and board members by translating technical security concepts into business risk and value propositions.Experience working in PE-backed technology companies preferred, with understanding of security requirements for M&A due diligence, integration, and preparing for liquidity events.Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent strongly preferred.Familiarity with DevSecOps practices, secure software development, ethical hacking, and penetration testing techniques valued.Understanding of artificial intelligence and machine learning applications in security, including emerging threats and defensive capabilities in AI-powered systems.Cengage Group is committed to working with broad talent pools to attract and hire strong and most qualified individuals. Our job applicants are considered regardless of race, national origin, religion, sex, sexual orientation, genetic information, disability, age, veteran status, and any other classification protected by applicable federal, state, provincial or local laws. Cengage is also committed to providing reasonable accommodations for qualified individuals with disabilities including during our job application process. If you are an applicant with a disability and require reasonable accommodation in our job application process, please contact us at accommodations.ta@ or at +1 (6
