Head of CISO Office

The expected salary for this position: 30 400 - 45 000 PLN if the successor is hired in PL

The NL salary scale 14 conditions apply if the successor is hired in NL.

The financial ranges specified in the announcement are adjusted and may differ from the range specified in the remuneration regulations.

The head of the CISO office is accountable for running the operating system of the Global CISO organization.

This role ensures that CISO strategy is translated into disciplined execution, that leadership decisions are well-framed and followed through, and that outputs to senior management, boards, and regulators are consistently executive-ready.

This is a first-line leadership role with direct accountability for results.

Amsterdam Netherlands, Katowice Poland

Reports directly to the Global Chief Information Security Officer (CISO)

1. Strategy Execution & Oversight
   • Own and maintain the integrated Global CISO roadmap across countries and security domains
   • Strategic priorities are translated into clear, time-bound roadmaps
   • Delivery progress is tracked consistently across countries and domains
   • Missed milestones and delivery risks are identified early
   • Leaders are held to account when commitments are not met
   • Escalations are fact based, timely, and decision oriented
   • Identify and manage cross-domain and cross-country dependencies
   • Track quarterly outcomes against strategic priorities
2. Operating Governance of the CISO Office
   • Defining how decisions are prepared, framed, and followed through
   • Design and maintain the enterprise operating cadence of the CISO organization, independent of the Global CISO's personal meeting schedule
   • Define and maintain decision and information standards for leadership forums, ensuring consistent decision-making and follow-through across the Global CISO organization
   • Define agenda standards and decision-framing expectations
   • Ensure leadership forums result in decisions and actions, not status updates
   • Provide execution transparency on decisions taken in leadership forums, regardless of where the decisions are made
   • Define and enforce escalation thresholds and decision rights
3. Executive Quality & Readiness Gate
   • Enforce a mandatory executive-readiness gate for all materials submitted to:
     • The Global CISO
     • Boards
     • Regulators
     • Audit
     • Senior management
   • Ensure peer review is completed before Global CISO review
   • Enforce use of approved templates and narratives
   • Materials are clear, concise, and decision-oriented.
4. Metrics Operating Model
   • Ensure consistent production, aggregation, and reporting of metrics across countries and domains
   • Maintain executive dashboards and board-level views
   • Flag late, missing, or inconsistent data
   • Translate metrics into decision-enabling executive narratives
5. Security Awareness
   • Define and execute a 2026 security awareness road map
   • Scaling awareness consistently across:
     • Countries
     • Business units
     • Leadership levels
   • Adapting awareness to a threat landscape that is faster, more precise, and more targeted.
   • Ensuring awareness moves beyond training to measurable behavioral change
   • Leading the Security Awareness team and associated capabilities
6. Cyber Exercise Program & Preparedness
   • Designing and running exercises that test defined processes, standards, cross-country coordination
   • Ensuring lessons learned are captured and translated into improvements driving consistency and preparedness between country CISO's and domain CISO's
   • Supporting leadership confidence in crisis readiness
7. Leadership of the CISO Office
   • Lead and develop the CISO Office team, including:
     • Execution Enablement
     • Global exercises function
     • Security awareness team
     • Business analyst(s) (templates, dashboards, executive views)

• 10+ years in cybersecurity, technology, or complex regulated environments
• Experience operating at enterprise / group level in a matrix organization
• Strong background in execution management, operating models, or chief-of-staff-type roles
• Proven ability to work with senior executives and challenge constructively
• Experience supporting board-level or regulator-facing outputs
• High comfort operating with ambiguity and incomplete information

• Experience in financial services or other highly regulated industries
• Exposure to ECB / DORA / audit-driven environments
• Experience working across multiple countries or regions

• Ability to translate strategy into execution
• Strong judgment on what needs escalation vs what does not
• Ability to enforce standards without formal authority
• Exceptional clarity of thought and communication
• Comfort saying "this is not executive-ready"
• Ability to operate independently of the CISO's day-to-day involvement

• Execution against strategy is predictable and transparent
• Leadership forums result in clear decisions and actions
• Materials reaching the CISO are consistently executive-ready
• The CISO spends less time on tactical follow-ups
• Boards and regulators see a coherent, consistent story