Head of Security

POSITION DESCRIPTION:

Valsoft's Edelweiss Software Group is seeking an experienced and business-savvy Head of Security to lead the Information Security function for several portfolios within a global holding organization composed of multiple diverse subsidiaries across industries, geographies, and risk profiles. This leader will be responsible for driving consistent, risk-aware, and efficient security practices across the group, and will play a pivotal role in adapting security programs to the nuanced needs of each subsidiary. 

This role requires strategic leadership and hands-on execution. The Head of Security will collaborate closely with the Global CISO, while directly supporting the group's leadership to ensure that security maturity evolves in alignment with the group's business goals. 

KEY RESPONSIBILITIES:

• Translate HQ’s baseline standards into a tailored security roadmap 

• Develop and maintain a security maturity model scaled to the subsidiaries’ size and complexity 

• Define tiers of subsidiaries by risk, industry, and data sensitivity to drive differentiated strategies 

• Create and maintain a library of group-level policies, templates, and standards (e.g., IR plan, password policy) 

• Facilitate adoption of policies across subsidiaries with appropriate localization 

• Establish and manage a policy update cadence with version control 

• Provide or recommend shared tooling across the group 

• Negotiate contracts with preferred security vendors and manage licensing agreements 
• Build lightweight security engineering support, whether internal or outsourced 
• Participate in M&A evaluations to assess the cybersecurity posture of targets 
• Advise investment teams on cyber risk exposure and hidden liabilities 
• Conduct annual or biannual security self-assessments across subsidiaries. 
• Consolidate results into quarterly dashboards for group leadership and HQ. 
• Publish and maintain a group-wide incident response playbook. 
• Serve as the first escalation point for incidents at the subsidiary level. 
• Coordinate post-incident reviews and group-level communication. 
• Help subsidiaries pursue and maintain compliance (e.g., SOC 2, ISO 27001, GDPR, HIPAA). 
• Maintain a centralized view of compliance status across the group. 
• Assist with customer/vendor security questionnaires and audits. 
• Triage critical vulnerabilities and incidents across subsidiaries. 
• Escalate material risks to HQ or Group X executives as needed. 
• Maintain a group-wide risk register and coordinate prioritization. 

REQUIRED/MINIMUM QUALIFICATIONS:

• 10+ years of experience in cybersecurity, with leadership roles across multiple business units or portfolio companies. 

• Proven ability to work cross-functionally with engineering, operations, legal, and executive stakeholders. 

• Deep familiarity with security standards and certifications (e.g., SOC 2, ISO 27001) 

• Demonstrated experience in multi-entity environments such as holding companies, private equity, or decentralized organizations. 

• Strong communication, negotiation, and influencing skills. 

PREFERRED QUALIFICATIONS:

• Empathy for the business: Understands startup vs. mature subsidiary dynamics. 

• Influence without authority: Excels at driving outcomes through relationships, not mandates. 

• Operational fluency: Balances strategic vision with hands-on delivery. 

• Program management: Leads repeatable assessments, tooling, and remediation efforts. 

• Adaptability: Able to flex approaches across subsidiaries with varying maturity. 

WHY JOIN US?This is a high-impact leadership opportunity to build and shape a scalable security program across a dynamic and diverse group of companies. You'll work with forward-thinking executives; help safeguard innovative businesses and collaborate with a global security team, all while enjoying flexibility and autonomy. 

Ready to join a collaborative and innovative team where you can make an immediate impact?