Deputy CISO
EU: Senior-level role (20+ years), Technical + Leadership blend

(We are currently seeking a Deputy CISO for our office in Gothenburg, Sweden)

Role Summary:

The Jeppesen ForeFlight (Jepp FF) Deputy CISO — EU will be the senior security leader partnering with local business leads and customers, providing vision for the site and ensuring security meets business needs. This role is responsible for translating global security strategy into regional execution and managing regulatory and customer assurance requirements across the EU region.
The Deputy CISO will drive secure architecture and engineering practices across cloud and product platforms. The role is both strategic and hands-on: advising the business and customers, leading incident readiness and regulatory engagements, and providing technical leadership. The person in this role is a player-coach who builds awareness, increases knowledge, and drives adoption of cloud technologies by communicating consumer and technical benefits to gain buy-in. They will apply system architecture and AI / cloud security concepts and techniques to inform major technical decisions and to shape technical vision, strategy, and system architecture.
They must have a technical background with experience building and operating high-quality, secure software at scale in a 24x7 global, multi-cloud SaaS environment. They are effective communicators and influencers, comfortable speaking to CxOs and senior executives as well as diverse audiences of software engineers and product managers. They make data-driven decisions and act as mentors for other technologists when necessary. They understand the challenges of organizational change and the nuances of adopting new technologies and development practices.

Key responsibilities:

• Partner with Global CISO, peers and regional leaders to define and execute the EU security strategy and roadmap. Conduct business vs. key security risk analysis.
• Drive Secure Software Development Life Cycle (SSDLC) adoption: threat modeling, SAST/DAST workflows, pen testing, supply chain security, container and IaC scanning.
• Oversee the MSSP, working with service providers, defining and reviewing SOC use cases, and managing incident response.
• Define and govern AI/ML security and agentic secure architecture.
• Drive network security, vulnerability management, PSIRT, BCP/DR, DLP, and threat intelligence.
• Lead governance of the Planning & Operations ISMS (until merged into a single Jeppesen ForeFlight ISMS) for the Gothenburg site related to information security matters.
• Lead regulatory compliance and liaison activities across the EU region, Sweden, Gothenburg (data protection, critical infrastructure regulators) and support global compliance programs (e.g., GDPR, SOC, ISO 27001, as applicable).
• Own customer assurance for security and privacy: respond to security questionnaires, enable customer audits, and present security posture to customers and partners.
• Define and validate security requirements, architecture, and design constraints for cloud migrations and production operations, ensuring cloud solutions meet needs for alerting, monitoring, HA, DR, CI/CD, operations, and information security. Assess migration feasibility, maintain architecture artifacts, and define cloud security principles, patterns, and standards.
• Act as a trusted advisor: oversee migrations into production for correctness, provide technical guidance to teams and vendors, and communicate clearly with business and technical stakeholders. Drive cloud excellence and automation, promote reuse and inner sourcing, and help standardize secure, scalable platform implementations.
• Define and govern secure architecture standards for AI/ML, identity and access, and platform security; review and approve high-risk designs.
• Provide leadership and hands-on capability for security engineering initiatives: cloud security controls, automated compliance, logging/monitoring, and CI/CD security.
• Oversee incident response and readiness: runbooks, tabletop exercises, and lead regional major incident coordination.
• Mentor and build local security capability: hiring, training, and establishing communities of practice with product and engineering teams.
• Manage third-party risk for critical vendors and support procurement/security reviews.

Required experience & skills:

• 20+ years in information security with progressive leadership and hands-on engineering experience.
• 15 years’ experience across security roles and builder/developer roles.
• Experience in regulatory and compliance engagements within EU markets and for the Sweden/Gothenburg site (e.g., EU and Swedish data rules, regional regulators).
• Hands-on experience with cloud architecture and secure SaaS architecture/design; strong cloud security expertise in AWS/Azure/GCP (architecture and security controls).
• Experience with AI/ML security and agentic security (MCP, A2A protocol security).
• Demonstrated track record implementing and operationalizing SSDLC across engineering organizations (threat modeling, SAST/DAST, SBOM).
• Deep practical experience with DevSecOps, CI/CD pipelines, container and serverless security, and IaC security.
• Hands-on experience with identity systems and CIAM Okta/Auth0 (OAuth2, OIDC, SAML, delegated auth, SCIM).
• Experience with security assurance processes: customer audits, SOC/ISO/PCI readiness, pen testing, and remediation cycles.
• Experience with Vulnerability Management and IT security (firewalls, proxies, WAF).
• Incident response leadership experience and ability to lead major incident communications with customers and regulators.
• Strong stakeholder skills: ability to influence engineering, product, legal, sales, and executive teams.
• Excellent written and verbal communication skills for technical and non-technical audiences; comfortable presenting to customers and boards.
• Regional experience across EU time zones and cultural/linguistic awareness.
• Proven ability to research, advise on, compare and recommend technology solutions; ability to demonstrate and maintain a method of keeping current on new technologies.

Behavioral competencies:

• Strategic thinker with strong execution bias.
• Customer-focused, high integrity, and diplomatic under pressure.
• Collaborative leader who can mentor engineers and influence senior stakeholders.
• Comfortable with ambiguity and driving change in fast-growing environments.

Preferred Qualifications:

• Relevant certifications: CISSP, CISM, CCSK, AWS/Azure/GCP Security Specialty, GIAC (GCIH/GWAPT/GASF), or equivalent, ISO 27K LA/LI.
• Strong interpersonal, communication, and organizational skills.
• Experience enabling an organization focused on business outcomes.
• Ability to inspire and lead.

Typical Education & Experience:

• Bachelor’s, Master’s, or PhD in Computer Science, Engineering, or related field (or equivalent experience).
• Education/experience typically acquired through advanced technical education (e.g. Bachelor) and typically 20 or more years' related work experience or an equivalent combination of technical education and experience.

Please apply by sending your CV in English.

Relocation: This position does not offer relocation. Candidates must live in the immediate area or relocate at their own expense.

Important information regarding this requisition: This requisition is for a locally hired position in SWEDEN. Candidates must have current legal authorization to live and work in Sweden. Benefits and pay are determined at the local level and are not part of Boeing U.S.-based payroll.

Visa Sponsorship: Employer will initiate the visa application; however, the successful candidate will cover the cost of the visa.