Security Engineering Lead

About CXG

Founded in 2006, CXG is a global business with 12 offices across four continents and 70 countries, employing over 250 professionals. We specialize in strategic solutions that elevate customer experience and impact performance for over 230 iconic premium and luxury brands, always evolving, elevating, and transforming experiences while bringing brand promises to life.

The Opportunity: Security Engineering Lead

We are seeking a Security Engineering Lead to own and continuously improve CXG's security posture across all platforms, including cloud, enterprise systems, applications, AI solutions, and third-party services. This is a hands-on leadership role that combines governance, engineering validation, automation, and client-facing security representation. The ideal candidate will embed security into architecture, development workflows, AI adoption, and operational practices in a scalable and structured way, ensuring security acts as a business enabler, not a blocker.

Key Responsibilities

• Security Governance & Risk: Own and maintain the ISMS aligned with ISO 27001. Manage risk assessment frameworks, policies, and security KPIs. Ensure alignment with client security requirements and drive continuous maturity improvement.
• Vulnerability Management & Testing: Operate a structured vulnerability management program, conduct internal scans, and coordinate external penetration testing. Validate remediation, track resolution progress, and provide structured reporting on risk posture.
• Application & DevSecOps Security: Define secure coding standards and security gates. Implement SAST, DAST, and dependency scanning. Integrate security into CI/CD pipelines and review high-risk features, validating remediation.
• Cloud, Infrastructure & Enterprise Security: Define and validate cloud security baselines. Review IAM models, network segmentation, firewall, and WAF controls. Ensure encryption, logging, monitoring, and least-privilege principles. Lead Microsoft 365, Defender, endpoint, and identity security governance with hands-on ownership of enterprise security controls.
• AI & Tool Security Governance: Assess security implications of new tools and AI platforms. Define guardrails for responsible AI and data usage. Ensure secure-by-design technology adoption.
• Third-Party & Vendor Security: Assess vendor security posture prior to adoption. Maintain vendor risk framework. Respond to client security questionnaires and due diligence. Support contract-level security discussions.
• Incident Response & Preparedness: Maintain incident response plans and escalation procedures. Coordinate security incidents across environments. Lead post-incident reviews and corrective actions.
• Security Culture & Enablement: Promote security awareness and best practices. Train teams on secure development and operations. Continuously improve automation and controls.

What You Will Bring

Experience:

• 5+ years in cybersecurity, cloud security, or security engineering.
• Proven experience securing cloud and SaaS environments.
• Hands-on vulnerability management and penetration testing coordination.
• Experience implementing automated security controls.
• Experience with enterprise identity and endpoint security platforms.
• Vendor security assessment experience.
• ISO 27001 or similar governance exposure.
• Experience interacting with clients on security matters.

Technical Skills:

• Strong cloud security and architecture validation expertise.
• Network security, firewall, and web application protection knowledge.
• DevSecOps and CI/CD security integration.
• Application vulnerability assessment capability.
• AI and third-party tool risk evaluation.

Soft Skills:

• Strong ownership mindset.
• Risk-based decision making.
• Clear communicator with technical and non-technical stakeholders.
• Comfortable in client-facing discussions.
• Structured and composed during incidents.
• Automation and continuous improvement oriented.

Key Skills/Competency

• Cybersecurity leadership
• Cloud security
• ISO 27001 governance
• Vulnerability management
• DevSecOps
• Incident response
• Third-party risk management
• AI security
• Identity and endpoint security
• Security automation