Job Description
The Chief Security Officer (CSO) is responsible for the strategic leadership, direction, and oversight of all corporate security functions. This includes information security, physical security, risk management, incident response, compliance, and business continuity. The CSO will work closely with executive leadership and cross-functional teams to ensure the company's assets, employees, and data are protected.
1. Enterprise Security Leadership
Own and evolve SmartQ's global security strategy covering cyber, infrastructure, product, data, and field security.
Act as a strategic partner to product, engineering, and business teams, enabling innovation while maintaining strong security.
Serve as the primary representative for security audits, stakeholder reviews, and compliance programs (SOC 2, ISO 27001, GDPR, Compass standards).
2. Infrastructure & Endpoint Security
Drive secure development practices and zero-trust architecture across cloud environments (AWS/GCP).
Lead configuration and monitoring of SIEM tools, firewalls, endpoint protection (Trend Micro, Zscaler), mobile device management (Intune), and enterprise patch and compliance tools (Tanium, OS license validation, AV coverage).
Review codebases, infrastructure-as-code templates, and DevSecOps pipelines.
Lead endpoint security hardening for enterprise laptops/desktops and POS/kiosk devices, ensuring full visibility and compliance.
3. Compliance & Risk Governance
Design and implement internal security controls, vulnerability assessments, and threat intelligence frameworks.
Oversee third-party security evaluations, vendor compliance, and deployment of governance tools (SQ Lens).
Build operational compliance dashboards for real-time tracking of endpoint compliance (AV, patch, OS licensing, Zscaler).
Ensure adherence to Compass Group, global, and regional data protection regulations.
4. Crisis Management & Incident Response
Build a company-wide incident response program and conduct periodic drills.
Lead incident response teams during breaches, ensuring rapid mitigation and transparent reporting.
Maintain clear playbooks for POS, cloud, and field environments.
5. Security Awareness & Culture Building
Build and mentor the InfoSec team.
Champion a security-first culture through training programs, phishing simulations, and awareness campaigns.
Drive targeted security awareness for field users (POS operators, kitchen staff, warehouse), ensuring operational teams understand and follow security best practices.
Qualifications:
Bachelor's degree in Computer Science, Engineering, or a related field (or equivalent experience).
15+ years in information security or cybersecurity leadership roles.
Proven experience in cloud security, compliance audits, and vendor governance.
Deep understanding of SOC 2, ISO 27001, GDPR frameworks.
Proficiency in tools like SIEM, DLP, EDR, IAM, and secure SDLC practices.
Certifications such as CISSP, CISM, CISA, or ISO 27001 LA.
Strong communication skills and experience working with global teams and enterprise clients.
Prior experience in high-growth B2B tech, consumer tech, retail, POS, or kiosk systems.
Understanding of AI/ML security risks and modern data governance models.
Job Classification
Industry: IT Services & Consulting
Functional Area / Department: IT & Information Security
Role Category: IT Security
Role: Head - Information Security
Employment Type: Full time
Contact Details:
Company: Bottle Lab
Location(s): Bengaluru
Keyskills:
Product engineering
CISA
Information security
ISO 27001
Service industry
Risk management
Licensing
Operations
Monitoring